Gray Tier Technologies is seeking a Threat Detection Engineer for a new customer on a highly-visible and strategic Cybersecurity Task Order. The Threat Detection Engineer will:
- Capture use cases from subscribers or other team members and develop correlation rules
- Utilize knowledge of latest threats and attack vectors to develop Splunk correlation rules for continuous monitoring
- Develop, manage, and maintain Splunk data models
- Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
- Develop custom regex to create custom knowledge objects
- Developing custom SPL using macros, lookups, etc., and network security signatures such as SNORT and YARA
- Develop custom dashboards and reports for customer stakeholders
Train and mentor junior staff
Basic Qualifications:
- Bachelor’s Degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS at least eight (8) years of experience in incident detection and response, malware analysis, or cyber forensics
- Extensive experience working with various security methodologies and processes
- Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
- Expert knowledge in two or more of the following areas related to cybersecurity:
Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web-filtering, Advanced Threat Protection - Experience developing advanced correlation rules utilizing Stats and data models for cyber threat detection
- Experienced with creating and maintaining Splunk knowledge objects
- Experienced managing and maintaining Splunk data models
- Experience creating regex for pattern matching
- Experience implementing security methodologies and SOC processes
Preferred Qualifications:
- Top Secret clearance
- Experience with cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape
- Completed Splunk Advance Searching and Reporting training
- Experience developing custom scripts using python
- Splunk certifications
yara Regex Splunk statistics access-control advanced-threat-protection Python snort Incident response spl soc TCP/IP