Address
Form of workJob Description
We connect our employees with some of the best opportunities around.
Time and time again, our employees tell us that the most important thing we offer is respect. Federal Staffing Solutions puts people to work in all types of jobs. When you work with us, you build a relationship with a team of employment professionals in your community who have, in turn, built personal relationships with the businesses that are hiring.
We are looking for a Threat Detection Engineer to work onsite in Ashburn, VA supporting our client.
The Threat Detection Engineershall have the following qualifications:
- In-depth knowledge of Firewalls/Proxies/Intrusion Detection Systems/ Domain Name Servers/DHCP/VPN and other network technologies and tools
- Experience updating, maintaining, and creating IDS variables within a complex enterprise network
- Expert in creating, modifying, tuning IDS signatures/SIEM Correlation Searches/yara rules and/or other detection signatures
- Familiarity with disk based forensic methodologies, Windows, and Linux forensic artifacts
- Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, Crowdstrike, etc
- Able to create, modify, update, and maintain Python and Powershell scripts that enhance endpoint detection capabilities
- In-depth knowledge of attacker tactics, techniques, and procedures
- Author, test, and maintain automation scripts within SOAR platform
- The candidate must currently possess a Secret Clearance.
Additional Qualifications:
In addition to clearance requirement, all personnel must have a current or be able to favorably pass a 5 year background investigation (BI).
In addition to clearance requirement, all personnel must have a current or be able to favorably pass a 5 year background investigation (BI).
- BS degree in Science, Technology, Engineering, Math or related field and 8 years of prior relevant experience with a focus on cyber security or Masters with 6 years of prior relevant experience.
- Should have 5 years of experience serving as a digital media analyst or as a computer forensic analyst.
- Ability to work independently with minimal direction; self-starter/self-motivated
- Must have one of the following:
- CCFP – Certified Cyber Forensics Professional
- CHFI – Computer Hacking Forensic Investigator
- CISSP – Certified Information Systems Security
- ECSA – EC-Council Certified Security Analyst
- EnCE GCFA – Forensic Analyst
- GCFE – Forensic Examiner
- GCIH – Incident Handler
- GISF – Security Fundamentals
- GREM – Reverse Engineering Malware
- GXPN – Exploit Researcher and Advanced Penetration Tester
- LPT – Licensed Penetration Tester
- OSCE (Certified Expert)
- OSCP (Certified Professional)
- OSEE (Exploitation Expert)
- OSWP (Wireless Professional)
- CIRC
- FIWE
- WFE-E-CI
- FTK-WFE-FTK
Preferred Qualifications:
- One of the following certifications:
- SANS Global Information Assurance Certification (GIAC)
- Certified Intrusion Analyst (GCIA) SANS
- Global Information Assurance Certification (GIAC)
- Certified Forensic Analyst (GCFA) SANS
- Global Information Assurance Certification (GIAC)
- Certified Network Forensic Analyst (GNFA)
- Certified Information System Security Professional (CISSP)
Essential Requirements:
- US Citizenship is required.
- Active secret clearance.
Job Duties:
- Identify gaps in malicious activity detection capabilities
- Create new signatures / rules to improve detection of malicious activity
- Test and tune existing signatures / rules to ensure low rate of false positives
- Assist in playbook development for alert triage and Incident Response
- Define and implement alert and threat detection metrics, statistics, and analytics
- Recommend new tools/technologies to improve network visibility
- Support Incident Response and Forensic operations as required to include static/dynamic malware analysis and reverse engineering
- Author and maintain scripts for threat detection and automation
Equal Opportunity Employer
