Cybersecurity Capability Developer SME
| Company | Leidos |
|---|---|
| Location | Clarksburg, WV, USA, Huntsville, AL, USA |
| Salary | $126100 – $227950 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Expert or higher |
Requirements
- Active Top-Secret Clearance with eligibility for SCI
- US Citizenship
- 10+ years of experience
- Experience with Splunk Enterprise Security
- Familiarity with all related aspects of cybersecurity operations and security architecture
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies.
Responsibilities
- Develop, implement, and maintain detection rules to identify malicious behaviors.
- Optimize detection efficacy by reducing false positives and increasing true positive rates
- Document detection processes, methodologies, and workflows.
- Share insights and mentor team members on best practices in threat detection.
- Design, develop, and maintain cybersecurity tools, scripts, and capabilities that enhance operational effectiveness within the ESOC watch floor.
- Create automation solutions to streamline processes for threat detection, incident triage, response workflows, and reporting, ensuring faster and more efficient security operations.
- Integrate security technologies and data sources to improve detection, monitoring, and response capabilities
- Continuously test and optimize developed capabilities, ensuring their functionality and efficiency during live security operations.
Preferred Qualifications
- Strong expertise in SIEM platforms and familiarity with query languages (e.g. SPL, KQL).
- Understanding of malware behaviors, threat actors, and attack tactics (MITRE ATT&CK).
- Experience with automation and scripting (e.g., Python, PowerShell).
- Ability to independently assess and improve detection rules.
- Excellent troubleshooting and documentation skills.
- Experience with Microsoft Sentinel
- Experience with FBI, DHS, IC, and DoD Networks.
- Experience with mitigation development against malicious cyber activity
- One of the following certifications: GIAC Continuous Monitoring Certification (GMON), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Intrusion Analyst (GCIA), GIAC Network Forensic Analyst (GNFA), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Forensics Responder (GCFR), Certified Information Systems Security Professional (CISSP)