Gray Tier Technologies

SIEM Content Developer

Full-Time in DC, US - Mid Level


Primary Responsibilities:

  • Experience with creating and implementing custom IOCs and IOAs in Crowdstrike

  • Experience with triaging and investigating hosts using Crowdstrike

  • Experienced with updating McAfee AV signatures

  • Experience with creating and maintaining custom Tanium packages for collecting artifacts for continuous monitoring

  • Provide recommendations for tuning and/or triaging notable events

  • Perform critical thinking and analysis to investigate cyber security alerts

  • Analyze network traffic using enterprise tools (e.g. Full PCAP, Firewall, Proxy logs, IDS logs, etc)

  • Collaborate with team members to analyze an alert or a threat

  • Stay up to date with latest threats and familiar with APT and common TTPs

  • Utilize OSINT to extrapolate data to pivot and identify malicious activity

  • Have experience with dynamic malware analysis

  • Have experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for response

  • Utilize the Cyber Kill Chain and synthesize the entire attack life cycle

  • Review and provide feedback on junior analysts’ investigations

  • Participate in discussions to make recommendations on improving SOC visibility or processes

  • Contribute to SOP development and updating

  • Provide expert guidance and mentorship to junior analysts

Basic Qualifications:

Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices, and must possess expert knowledge in two or more of the following areas related to cybersecurity:

  • Vulnerability Assessment
  • Intrusion Prevention and Detection
  • Access Control and Authorization
  • Policy Enforcement
  • Application Security
  • Protocol Analysis
  • Firewall Management
  • Incident Response
  • Encryption
  • Web-filtering
  • Advanced Threat Protection

Must have at least one of the following certifications:

SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH

EC Council: CEH, CHFI, LPT, ECSA

ISC2: CCFP, CCSP, CISSP, CERT CSIH

Offensive Security: OSCP, OSCE, OSWP and OSEE

  • Must have TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.

  • The ideal candidate is a self-motivated individual in pursuit of a career in cyber security.

  • Experienced with developing advanced correlation rules utilizing tstats and datamodels for cyber threat detection

  • Experienced with creating and maintaining Splunk knowledge objects

  • Experienced managing and maintaining Splunk data models

  • Expertise in developing custom SPL using macros, lookups, etc., and network security signatures such as SNORT and YARA

  • Experience creating regex for pattern matching

  • Implemented security methodologies and SOC processes

  • Extensive knowledge about network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)

  • Experienced with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc).

  • Hands-on experience utilizing network security tools (e.g. Sourcefire, Suricata, Netwitness, o365, FireEye, etc) and SIEM

  • Experience in a scripting language (e.g. Python, Powershell, etc) and automating SOC processes/workflow

  • Experience training and mentoring junior analysts

  • Extensive knowledge of common end user and web application attacks and countermeasures against attacks

  • Experience developing custom workflows within Splunk to streamline SOC processes

  • Experience creating SOPs and providing guidance to junior analysts

  • Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response

  • Knowledgeable of the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize them in their analysis workflow

  • Experience with cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape

  • Knowledgeable of APT capabilities and able to implement appropriate countermeasures

Required Education/Experience: All Tier 2 analyst candidates shall have a minimum a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS eight (8) years of experience in incident detection and response, malware analysis, or cy