Cyber Content Developer

TEKsystems c/o Allegis Group

Today
Top Secret/SCI
Mid Level Career (5+ yrs experience)
$100,000 - $125,000
No Traveling
IT - Software
San Antonio, TX (On-Site/Office)

Summary Overview:
A Content Developer contractor employee implements use cases based on mission requirements that provide Analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, Content Developer contractor employees shall provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Content Developer contractor employees shall be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives.

Duties:
- Analyze DCO events.
- Apply current industry SIEM best practices.
- Use security alerts correlated with log enrichment data to enhance the operator’s ability to identify real attacks.
- Establish security control effectiveness and monitor for unauthorized outbound connections.
- Create detections by analyzing log data across the enterprise. (CDRL A007)
- Develop dashboards and visualizations to identify adversarial activity. (CDRL A007)
- Use log data to establish and implement virtual tripwires for early detection.
- Analyze and ingest security logs into the SIEM to optimize SIEM performance.
- Design, implement, and test various SIEM solutions. (CDRL A007)
- Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment are necessary to meet the required acceptable false positive rate. (CDRL A008)
- Create, test, and validate filters and rules. (CDRL A007)
- Build and implement event correlation rules, logic, and content in the SIEM. (CDRL A007)
- Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors.
- Analyze malware threats to develop behavior-based detections that alert on and/or prevent malicious activity.
- Automate tasks in the SIEM using a common programming or scripting language.
- Create scheduled and ad hoc reporting with SIEM tools. (CDRL A007 and A008)
- Create and maintain SIEM documentation. (CDRL A008)
- Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.
- Utilize SIEM to develop metrics collection, analysis, and create reports upon request.
- Provide training to government personnel as requested.
- Provide knowledge transfer of tools, processes and procedures to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009)

Requirements:
**Must have an Active TS/SCI**
**Must be able to obtain GCDA within 4 months upon hire**
- 5+ years of SIEM experience (Splunk, DEVO, Arcsight, or ELK)
- 3+ years with network traffic analysis, ports, and protocols
- 1+ year(s) of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto. Proficient in Python and PowerShell.


---
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Accelerating IT transformation in the public sector

About Us
We’re partners in transformation. We help customers activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services and real-world application, we work with progressive leaders to drive change. That’s the power of true partnership. TEKsystems is an Allegis Group company.
