Senior Detection Engineer- Secret Clearance at Veterans Enterprise Technology Solutions Inc – Clarksville, Virginia

This position is located in Rosslyn, VA with a secondary location of Beltsville, MD. This position is onsite Monday - Friday, 8am - 4pm. No hybrid/telework allowed.

Responsibilities:

• Perform advanced custom development and implementation of cybersecurity alerts
• Develop, configure, and tune cyber security tools, alerts, and response capabilities
• Integrate security alerts and process workflows into SOAR and SIEM systems
• Automate and optimize security alert workflows to enhance threat response capabilities and enhance efficiency throughout the Incident Response lifecycle
• Analyze systems and environments to determine necessary logging and alerting to optimize cyber security monitoring in an ever-changing cyber threat landscape
• Provide technical expertise for Splunk, Python, JavaScript, PowerShell, and similar coding languages
• Support the security operations center through security development
• Support cross team collaboration efforts to enhance the customer’s defense against advanced cyber adversaries
• Implement cyber monitoring, analysis, and response capabilities within our SIEM, SOAR, and detection tools.
• Develop and enhance threat detections and advanced analysis capabilities.
• Provide tuning of threat detections.
• On-board and integrate cyber monitoring tools from the analyst’s perspective.
• Coordinate with engineers to assist in building and maintaining platforms.
• Coordinate with cyber threat experts to implement the latest signatures.
• Create and maintain various security dashboards, alerts, and reports.
• Write Zeek (Bro), Suricata and Snort signatures.
• Maintain Python and JavaScript based detections and automation capabilities within our tools.

Required Qualifications:

• Bachelor’s degree and minimum of 9 years of relevant experience; 7 years with Masters degree; 4 years with PhD. An additional 4 years of relevant experience will be substituted in lieu of the degree requirement.
• To be considered for this position, candidate must either currently hold one of the professional certifications listed below or obtain one prior to their start date. Continued certification is required as a condition of employment:
  • CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISSP (or Associate), Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, SCYBER, VCA DCV, PPDA, Agile IC, SNOW App Dev
• U.S. citizenship required.
• Active Secret security clearance.
  • Ability to obtain final Top Secret clearance.

Preferred Qualifications:

• A solid understanding of the MITRE ATT&CK Framework
• A solid understanding of Splunk Enterprise Security
• A solid understanding of Cybersecurity Incident Response
• A solid understanding of Cloud Development with Microsoft Azure/MDE.
• A solid understanding of Machine Learning and User and Entity Behavior Analytics.