Peraton is a next-generation national security company that drives missions of consequence. They are seeking a motivated Content Developer / Detection Engineer to create analytics and dashboards within a SIEM platform to support the U.S. Army Regional Cyber Center - Europe.
Responsibilities:
- Create analytics with a SIEM to identify patterns, anomalies, and compromising indicators to alert Cyber Incident responders
- Create dashboards in the SIEM platform to tip analysts to malicious activities directed against the DoD information systems
- Create dashboards and reports in the SIEM platform to assist network defenders in identifying issues and concerns
- Perform daily review of analytic performance on the SIEM identifying correlation engine slowdowns
- Evaluate intrusion detection sensor configurations for proper alert capability
- Evaluate intrusion detection signatures for appropriateness to DoD networks and implement rules as required
- Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations
- Assist in the integration of additional security platforms to correlate new data with HIDS and NIDS alerts
- Prepare and present technical reports and briefings
- Write reports on capabilities of the defensive cyber operations to increase customer situational awareness and improve the customer's cyber security posture
- Write and update SOPs and TTPs as required by the local customer
Requirements:
- Minimum of 5 years of experience in Systems Engineering with a Bachelor's degree in a STEM field or Business Administration; an additional 4 years of experience in lieu of a degree may be considered
- Must be able to qualify for Technical Expert Status Accreditation (TESA) by having a bachelor's degree in a STEM or Business field plus 3 years of specialized experience OR an associate's degree plus 7 years of specialized experience OR a major certification plus 7 years of specialized experience
- Active DoD Approved 8140 Certification in: DCWF 521 Intermediate (B.S. in IT or one of the following: GMON, GRID, CEH, Cloud+, CySA+, GSEC, Security+, PenTest+, SSCP)
- 8140 Residential Certification: Any one of the following: GDAT, GDSA, Elastic Certified, ArcSight ESM Advanced Analyst Certified Expert, Microsoft Certified: Cybersecurity Architect Expert, Azure DevOps Engineer Expert, TCM Security PNPT
- U.S. citizenship required
- An Active DoD Top Secret security clearance with SCI eligibility
- Experience in developing dashboards, and creating and maintaining Elasticsearch rules
- Experience with intrusion detection systems such as Snort, Suricata, and TippingPoint
- Experience with one or more scripting languages such as PowerShell, Bash, Python
- Experience working with GitLab
- Familiarity with ATT&CK Navigator and the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) matrices