Cyber Threat Detection Engineer SME - Ashburn, United States - Base One Technologies

    Base One Technologies
    Base One Technologies Ashburn, United States

    1 month ago

    Default job background
    Description

    BS degree in Science, Technology, Engineering, Math or related field and 8 years of prior relevant experience with a focus on cyber security or Masters with 6 years of prior relevant experience.

    Should have 5 years of experience serving as a digital media
    Primary Responsibilities
    Identify gaps in malicious activity detection capabilities
    Create new signatures / rules to improve detection of malicious activity
    Test and tune existing signatures / rules to ensure low rate of false positives
    Assist in playbook development for alert triage and Incident Response
    Define and implement alert and threat detection metrics, statistics, and analytics
    Recommend new tools/technologies to improve network visibility
    Support Incident Response and Forensic operations as required to include static/dynamic malware analysis and reverse engineering
    Author and maintain scripts for threat detection and automation
    Basic Qualifications
    The Cyber Threat Detection Engineer SME shall have the following qualifications:
    In-depth knowledge of Firewalls/Proxies/Intrusion Detection Systems/ Domain Name Servers/DHCP/VPN and other network technologies and tools
    Experience updating, maintaining, and creating IDS variables within a complex enterprise network
    Expert in creating, modifying, tuning IDS signatures/SIEM Correlation Searches/yara rules and/or other detection signatures
    Familiarity with disk based forensic methodologies, Windows, and Linux forensic artifacts
    Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, Crowdstrike, etc
    Able to create, modify, update, and maintain Python and Powershell scripts that enhance endpoint detection capabilities
    In-depth knowledge of attacker tactics, techniques, and procedures
    Author, test, and maintain automation scripts within SOAR platform
    The candidate must currently possess a Secret Clearance.

    In addition to clearance requirement, all CBP personnel must have a current or be able to favorably pass a 5 year background investigation (BI).

    BS degree in Science, Technology, Engineering, Math or related field and 8 years of prior relevant experience with a focus on cyber security or Masters with 6 years of prior relevant experience.

    Should have 5 years of experience serving as a digital media analyst or as a computer forensic analyst.
    Ability to work independently with minimal direction; self-starter/self-motivated
    Requirement Certifications
    CHFI – Computer Hacking Forensic Investigator
    CISSP – Certified Information Systems Security
    ECSA – EC-Council Certified Security Analyst
    EnCE
    GCFA – Forensic Analyst
    GCFE – Forensic Examiner
    GISF – Security Fundamentals
    GXPN – Exploit Researcher and Advanced Penetration Tester
    LPT – Licensed Penetration Tester
    OSCE (Certified Expert)
    OSCP (Certified Professional)
    OSWP (Wireless Professional)

    CIRC

    FIWE
    WFE-E-CI
    FTK-WFE-FTK
    Preferred Qualifications

    One of the following certifications:
    SANS Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA)
    SANS Global Information Assurance Certification (GIAC) Certified Forensic Analyst (GCFA)
    SANS Global Information Assurance Certification (GIAC) Certified Network Forensic Analyst (GNFA)
    Certified Information System Security Professional (CISSP)

    #J-18808-Ljbffr