The Cyber Defense Technical Expert is a senior individual contributor responsible for developing threat-based use cases for detecting cyber-attacks.
In addition to engineering threat-based alerts and developing anomaly-based reports for detection, the Cyber Defense Technical Expert will also be tasked with integrating real-time threat intelligence into the defensive systems.
The individual will work with multiple technology platforms and interface with other groups within Cyber Defense, Information Security, other technology, and business partners.
Primary responsibilities include:
Tuning of Intrusion Detection System and enhancement of detection capabilities
Developing new use cases to detect threats across multiple environments including network, endpoint and applications
Integrating cyber threat intelligence into defensive systems
Leading the logging enrollments from multi-tier applications into the enterprise logging platforms
Developing the specific content necessary to implement Security Use Cases and transforming it into correlation queries, templates, reports, rules, alerts, dashboards and workflow
Developing advanced reports and metrics to meet the requirements of key stakeholders
7 or more years of progressive security industry experience
Excellent understanding of Cyber Security Operations and Incident Response processes
Solid understanding of various operating systems (Windows, Unix, Linux, AIX, etc.) with an emphasis on Security Operations
Experience with programming/scripting (Python, Ruby, Perl, C, Java, etc.)
Hands-on experience with Security Information and Event Management technologies (QRadar, ArcSight, Splunk, etc.)
Excellent oral and written communications
Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.
Excellent understanding of enterprise logging standards, with a focus on application logging
5 or more years of experience with Splunk, ArcSight and/or QRadar SIEM systems
Advanced knowledge of content creation concepts and best practices
Excellent understanding of regular expressions, development of custom/flex parsers
Solid understanding of security tools related to Data Loss Prevention and Privileged User Monitoring
Excellent Python and Unix Shell scripting skills
Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
5 or more years of network security and system security experience, supporting security event management tools (SIEMs)
Education, Certifications and/or Other Professional Credentials:
Bachelor's Degree (Security / IT Related) or equivalent combination of experience
A combination of relevant industry certifications including, but not limited to, CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA, etc.
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday