Sev1Tech

Content Developer - Senior

Sev1Tech, Chandler, Arizona, United States, 85249


Overview / Job Responsibilities

Sev1Tech is looking for the right candidate to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The program will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region; in Stennis, Mississippi; in Chandler, Arizona; and at other locations in the U.S., and occasionally OCONUS.

Sev1Tech seeks a Lead Content Developer/Cyber Threat Detection Developer who will use Splunk Enterprise Security or other SIEM tools to proactively research and then apply custom detection capabilities drawn from disparate data sources such as cyber threat intelligence, vulnerability data, campaign data, and indicators of compromise. These threat detection data types will be used to develop custom security, engineering, and/or other applicable dashboards; to validate existing correlation rules and alerts and create new ones; and to validate the index sources of the SIEM to ensure thorough defense in depth for the enterprise.

Responsibilities include but are not limited to:

- Analyze data feeds and event logs
- Correlate the results with known threats, vulnerabilities, and incidents
- Create new security content and updates to Enterprise NOSC dashboards
- Develop, disseminate, and implement new security content such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Data Loss Prevention (DLP) correlation rules and cyber threat indicators
- Participate in briefings to provide expert guidance on new threats, and act as an escalation point for cyber analysts and engineering leads
- Author reports and/or interface with customers for ad-hoc requests
- Participate in discussions to make recommendations on improving NOSC cyber visibility, process improvements, and reducing the incident remediation period
- Investigate and analyze all logs available within the SIEM, document workflows, and identify process improvements in the handling and remediation of cyber security events
- Leverage a deep understanding of how to develop custom content within the Splunk SIEM using advanced SPL and data models, or other network security tools, to detect threats and attacks
- Capture use cases from subscribers or other team members to develop custom correlation rule(s), validate and/or create new dashboard(s), and validate all index sources for applicability within the Splunk environment
- Utilize knowledge of the latest cyber threats and attack vectors to develop and/or maintain custom Splunk correlation rules from all indexed sources to support continuous event monitoring and alerting
- Develop, manage, and maintain Splunk data models
- Review all existing network event sources to determine if relevant data is present, and make technical recommendations to remediate any missing log components
- Review and/or suggest new log and event index types as new devices are brought into the enterprise network
- Develop custom regex to create custom knowledge objects
- Develop custom SPL using macros, lookups, etc., and network security signatures such as Snort, YARA, and Zeek
- Develop custom dashboards and reports for customer stakeholders
- Train and mentor junior staff

Minimum Qualifications

- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field AND twelve (12) to fifteen (15) years of prior relevant experience
- Five (5) years of experience in developing, implementing, and managing Splunk correlation rules and content
- Must possess strong written and verbal communication skills, and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
- Extensive experience working with various security methodologies and processes
- Advanced knowledge of TCP/IP protocols; experience configuring and implementing various technical security solutions; extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
- Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system, with specific experience in the Splunk environment
- Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors
- Experience maintaining an event schema with customized security severity criteria
- Experience creating scheduled and ad-hoc reporting with SIEM tools
- Thorough and in-depth understanding of SIEM technologies and event collector deployments in Windows and Linux operating environments
- Experience developing advanced correlation rules utilizing stats and data models for cyber threat detection
- Experience creating and maintaining Splunk knowledge objects
- Experience managing and maintaining Splunk data models
- Experience creating regex for pattern matching
- Experience implementing security methodologies and SOC processes
- Certification Requirement: one of the following certifications is required: CISSP, GCIH, GCFA, GPEN, GWAPT, GCIA, or equivalent
- Certification Requirement: Splunk Core Certified Advanced Power User certification
- Ability to provide proof of U.S. citizenship in order to obtain a Department of Homeland Security (DHS) Public Trust clearance

About Sev1Tech LLC

Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial clients. Our mission is to build better companies, enable better government, protect our nation, and build better humans across the country.

Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech

For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com

Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.