DCO Content Developer / Detection Engineer

SOSi

Today
Top Secret/SCI
IT - Software
Wiesbaden, Germany (On-Site/Office)

Overview

SOSi is seeking a highly qualified DCO Content Developer / Detection Engineer to support our customer in Wiesbaden Germany.

Essential Job Duties

  • Work as a member of the Cyber Detection Engineering Team to increase the security posture of the organization
  • Strategize and identify unique opportunities to locate and collect new data, explore and mine data, and determine and ascertain the outcome
  • Develop customized algorithms to solve analytical problems with incomplete data sets and implement automated processes for efficiently modeling and analyzing data output
  • Design, develop, test, and implement data analytics to meet cyber network defense security requirements and support network intrusion monitoring on information systems and networks
  • Create Splunk dashboards to serve as the center point of initial intrusion analysis and information assurance awareness
  • Manage intrusion detection engine policies and rule sets
  • Identify and investigate vulnerabilities, assess exploit potential, and create analytics in the SIEM engines to automatically detect events with high confidence
  • Prepare charts and diagrams to assist in metrics analysis and problem evaluation, and submit recommendations for data mining and analytical solutions
  • Review daily cyber threat reports, open source reporting, recurring analytic alerts, and penetration testing results to build SIEM correlation rules
  • Contribute to the design, development, and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations
  • Draft reports of vulnerabilities to increase customer situational awareness and improve the customer's cyber security posture
  • Assist all sections of the Defensive Cyber Operations team as required in performing analysis and other duties as assigned
  • May perform documentation and vetting of identified vulnerabilities for operational use
  • May prepare and present technical reports and briefings
  • Utilize your solid understanding of networking protocols, their uses, and their potential misuses

Minimum Requirements

  • An active, in-scope Top Secret/SCI clearance is required
  • Bachelor's degree in a related discipline plus 5 years of experience, Associate's degree plus 7 years, major certification plus 7 years, or 11+ years of specialized experience
  • Must meet DoD 8140 DCWF 511 requirements (B.S., M03385G, M10395B, M22385, A-150-1980, A-150-1202, A-150-1203, A-150-1250, A-531-0451, A-531-4421, A-531-1900, WSS 011, DISA-US1377, GFACT, GISF, Cloud+, GCED, PenTest+, Security+, or GSEC)
  • Must have one of the following additional certifications (GDAT, GCDA, Elastic Certified Observability Engineer, ArcSight ESM Advanced Analyst, Splunk Enterprise Certified Admin, or Splunk Enterprise Certified Architect)
  • Experience in strategizing and identifying unique opportunities to locate and collect new data, explore and mine data
  • Experienced in developing customized algorithms to solve analytical problems with incomplete data sets, and implementing automated processes for efficiently modeling and analyzing data output
  • Experience in designing, developing, testing, and implementing data analytics to meet cyber network defense security requirements
  • Must have a full understanding of all aspects of Defensive Cyber Operations
  • Experience with intrusion detection systems such as Snort, Suricata, and/or Zeek
  • Experience with writing SPL in Splunk to create complex searches and custom dashboards
  • Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process

Preferred Qualifications

  • Bachelor's degree in Engineering, Computer Science, or Mathematics
  • Experience with writing rules and trends in ArcSight ESM
  • Experience with writing Snort or Suricata IDS rules
  • Experience with identifying Microsoft Windows event IDs and how they relate to the Mitre ATT&CK Matrix
  • Experience with interpreting firewall and proxy logs
  • Experience with Git and VS Code
  • Programming experience in one or more languages
  • Experience with one or more scripting languages such as PowerShell, Bash, Python or Perl

Work Environment

  • Working conditions are normal for an office environment
  • On site in Wiesbaden, Germany
  • Fast-paced, deadline-oriented environment
  • May require periods of non-traditional working hours, including consecutive nights or weekends (if applicable)

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.
About Us
At SOSi every team member is dedicated to the mission. As a company, we're committed to our core values of integrity, excellence, and collaboration. Our vision inspires our approach. We push the boundaries of what's possible to protect and solve today's most complex problems. We invest in our people. We dream big with our solutions and we execute. We foster a culture of collaboration, and mentorship matters. We're purpose-driven and rise to the challenge.
