Capgemini
Cyber Security Content Developer
Capgemini, Washington, District of Columbia, us, 20022
Washington, DC, District of Columbia, United States
Capgemini
A global leader in consulting, technology services and digital transformation, we offer an array of integrated services combining technology with deep sector expertise.
View company page
Capgemini Government Solutions (CGS) is seeking a highly motivated Cyber Security Content Developer/ Cyber Threat Detection Developer (Threat Detection Developer) for User Activity Monitoring (UAM) to join our team to support our government clients. This role requires a Content Developer to provide support for onsite Insider Threat support services providing immediate investigation and resolution. Any qualified Cyber Threat Detection Developer will need to have an active Top-Secret clearance with SCI eligibility.This role is an opportunity to apply and grow your skillset in development work with a motivated and rapidly growing company, working with a wide range of technology-forward clients, and building CGS’ capabilities.Job Responsibilities:Self-directed team member who develops, implements, maintains, and supports SIEM
dashboards, reports, alerts, and knowledge objectsCreate baselines, queries, dashboards, and visualization to support customer requirements shared with the SecOps and operational teams to identify trends, etc.Manages and administers the tuning of rules, triggers, policies, signatures, and custom content for specialized CND applications and systemsApply knowledge of regular expressions to create extractions and apply working knowledge of Power Shell or other scripting language(s)Utilize knowledge of latest cyber threats and attack vectors to develop and or maintain custom correlation rules from all indexed sources to support continuous event monitoring and alertingParticipate in discussions to make recommendations on improving SOC cyber visibility, process improvements, and reducing the incident remediation periodReview all existing network event collections to determine if relevant data is present and make technical recommendations to develop or enhance alerting actionsEnhance customer's ability to accomplish mission initiatives by delivering forward-thinking solutions that are not defined by requirementsAuthor reports and/or interface with customers for ad-hoc requestsProvide expert guidance and mentorship to junior analystsRequired Qualifications:US Citizen. Must have an active Top-Secret clearance (SCI eligible)Bachelor’s degree in computer science, Information Technology, or a related field, or equivalent work experienceFive years of experience in developing, implementing, and managing SIEM correlation rules and content (such as Splunk, ArcSight, Kibana, LogRhythm)Experience with writing audit log parsers for SIEM data structures such as ArcSight’s CEF or Splunk’s SPLAdvanced knowledge of TCP/IP (Transport protocols geared to Network Engineering – Maybe change to encryption methods e.g. SSL/TLS and PKI) protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from security devicesMust have demonstrated the ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errorsExperience developing advanced correlation rules utilizing stats and data models for cyber threat detectionExperience with Network Monitoring Tools such as proxy, load balancing, IDS/IPS, and packet capturing toolsExperience in a scripting language (e.g. Bash, Powershell, etc) and automating SOC processes/workflowExperience implementing security methodologies and SOC processesAbility to effectively work independently and as a team memberWork experience with Security Operations Center (SOC) or Industry Red TeamFacilitate excellent problem-solving, critical thinking, and analytical skills with the ability to de-construct problemsWork experience with the Intelligence CommunityCritical thinking skillsMust possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertisePreferred qualifications:Highly Preferred to have an Active SCISplunk Enterprise Security Admin, Splunk Certified Developer certificationExtensive experience with User activity monitoring (UAM) ,User Entity Behavior Analytics (UEBA) and DLP toolsExpertise in developing Insider Threat trigger policiesInvestigate and analyze events of interest within the SIEM, document workflows, and identify process improvements in the handling and remediation of cybersecurity eventsArcSight ESM Administrator and Analyst Certified ProfessionalIdentifies and remediates visibility gaps of cyber defense systemsExperience with Installing and administering COTS applications on RHEL Linux and/or WindowsHands-on experience with one of the enterprise cybersecurity toolsets: HBSS/ESS , Trellix and ePolicy OrchestratorHands-on experience running Tenable or vulnerability tracking/scanning systemsOther highly desired certifications: CEH , CYSA+ , GICSP, SSCP, CNDLife at CapgeminiCapgemini supports all aspects of your well-being throughout the changing stages of your life and career. For eligible employees, we offer:Healthcare including dental, vision, mental health, and well-being programsFinancial well-being programs such as 401(k) and Employee Share Ownership PlanPaid time off and paid holidaysPaid parental leaveFamily building benefits like adoption assistance, surrogacy, and cryopreservationSocial well-being benefits like subsidized backup child/elder care and tutoringMentoring, coaching, and learning programsEmployee Resource GroupsDisaster ReliefAbout CapgeminiCapgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud , data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.Capgemini is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to your recruiting contact.Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.Capgemini discloses salary
range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is [$120K- $135K].This role may be eligible for other compensation including variable compensation, bonus, or commission. Full-time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that is allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
#J-18808-Ljbffr
Capgemini
A global leader in consulting, technology services and digital transformation, we offer an array of integrated services combining technology with deep sector expertise.
View company page
Capgemini Government Solutions (CGS) is seeking a highly motivated Cyber Security Content Developer/ Cyber Threat Detection Developer (Threat Detection Developer) for User Activity Monitoring (UAM) to join our team to support our government clients. This role requires a Content Developer to provide support for onsite Insider Threat support services providing immediate investigation and resolution. Any qualified Cyber Threat Detection Developer will need to have an active Top-Secret clearance with SCI eligibility.This role is an opportunity to apply and grow your skillset in development work with a motivated and rapidly growing company, working with a wide range of technology-forward clients, and building CGS’ capabilities.Job Responsibilities:Self-directed team member who develops, implements, maintains, and supports SIEM
dashboards, reports, alerts, and knowledge objectsCreate baselines, queries, dashboards, and visualization to support customer requirements shared with the SecOps and operational teams to identify trends, etc.Manages and administers the tuning of rules, triggers, policies, signatures, and custom content for specialized CND applications and systemsApply knowledge of regular expressions to create extractions and apply working knowledge of Power Shell or other scripting language(s)Utilize knowledge of latest cyber threats and attack vectors to develop and or maintain custom correlation rules from all indexed sources to support continuous event monitoring and alertingParticipate in discussions to make recommendations on improving SOC cyber visibility, process improvements, and reducing the incident remediation periodReview all existing network event collections to determine if relevant data is present and make technical recommendations to develop or enhance alerting actionsEnhance customer's ability to accomplish mission initiatives by delivering forward-thinking solutions that are not defined by requirementsAuthor reports and/or interface with customers for ad-hoc requestsProvide expert guidance and mentorship to junior analystsRequired Qualifications:US Citizen. Must have an active Top-Secret clearance (SCI eligible)Bachelor’s degree in computer science, Information Technology, or a related field, or equivalent work experienceFive years of experience in developing, implementing, and managing SIEM correlation rules and content (such as Splunk, ArcSight, Kibana, LogRhythm)Experience with writing audit log parsers for SIEM data structures such as ArcSight’s CEF or Splunk’s SPLAdvanced knowledge of TCP/IP (Transport protocols geared to Network Engineering – Maybe change to encryption methods e.g. SSL/TLS and PKI) protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from security devicesMust have demonstrated the ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errorsExperience developing advanced correlation rules utilizing stats and data models for cyber threat detectionExperience with Network Monitoring Tools such as proxy, load balancing, IDS/IPS, and packet capturing toolsExperience in a scripting language (e.g. Bash, Powershell, etc) and automating SOC processes/workflowExperience implementing security methodologies and SOC processesAbility to effectively work independently and as a team memberWork experience with Security Operations Center (SOC) or Industry Red TeamFacilitate excellent problem-solving, critical thinking, and analytical skills with the ability to de-construct problemsWork experience with the Intelligence CommunityCritical thinking skillsMust possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertisePreferred qualifications:Highly Preferred to have an Active SCISplunk Enterprise Security Admin, Splunk Certified Developer certificationExtensive experience with User activity monitoring (UAM) ,User Entity Behavior Analytics (UEBA) and DLP toolsExpertise in developing Insider Threat trigger policiesInvestigate and analyze events of interest within the SIEM, document workflows, and identify process improvements in the handling and remediation of cybersecurity eventsArcSight ESM Administrator and Analyst Certified ProfessionalIdentifies and remediates visibility gaps of cyber defense systemsExperience with Installing and administering COTS applications on RHEL Linux and/or WindowsHands-on experience with one of the enterprise cybersecurity toolsets: HBSS/ESS , Trellix and ePolicy OrchestratorHands-on experience running Tenable or vulnerability tracking/scanning systemsOther highly desired certifications: CEH , CYSA+ , GICSP, SSCP, CNDLife at CapgeminiCapgemini supports all aspects of your well-being throughout the changing stages of your life and career. For eligible employees, we offer:Healthcare including dental, vision, mental health, and well-being programsFinancial well-being programs such as 401(k) and Employee Share Ownership PlanPaid time off and paid holidaysPaid parental leaveFamily building benefits like adoption assistance, surrogacy, and cryopreservationSocial well-being benefits like subsidized backup child/elder care and tutoringMentoring, coaching, and learning programsEmployee Resource GroupsDisaster ReliefAbout CapgeminiCapgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud , data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.Capgemini is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to your recruiting contact.Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.Capgemini discloses salary
range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is [$120K- $135K].This role may be eligible for other compensation including variable compensation, bonus, or commission. Full-time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that is allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
#J-18808-Ljbffr