
SIEM Engineer

Tuba Group, Inc.
Location: Columbus, OH 43224, USA
Published: 6/14/2022
Engineering
Full Time

Job Description

Position Description Summary:

Design and develop advanced SIEM content to detect evolving cyber threats within a high-security government network. You will research threat intelligence, collaborate with analysts, and tailor alerts and detection logic to mission systems, increasing the speed and precision of incident detection.


Responsibilities:

• Create and optimize SIEM use cases for threat detection

• Collaborate with analysts and tool SMEs to close detection gaps

• Write custom scripts to enhance log correlation and data normalization

• Evaluate and improve data feed quality

• Leverage MITRE ATT&CK for threat mapping and use case development

• Prioritize detection signatures based on critical systems and applications


Skills & Experience:

• 5+ years of IT experience

• 3+ years SIEM content development or IR experience

• 3+ years of system or network administration experience

• Familiarity with common log formats (Windows, syslog, firewall, etc.)

• Strong scripting skills (Python, PowerShell, or SPL preferred)

• Understanding of MITRE ATT&CK and network architecture

• Deep knowledge of Defense-in-Depth principles


Education:

• Bachelor's preferred

• Must hold a Cybersecurity Service Provider – Incident Responder related certification (CEH, GCIA, GCIH, CSIH, CFR, or equivalent).

• Must have or be able to obtain an I.T. skill certification within six (6) months


Security Clearance Required:

• Active DoD Top Secret Clearance (or active Secret and eligible for a Top Secret Clearance)
