The Ladders

Content Developer

The Ladders, San Antonio, Texas, United States, 78208


Overview

Join our exciting 33rd team as a Content Developer. The Content Developer implements use cases based on mission requirements that provide Analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, Content Developer provides proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Content Developer works in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives.

As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers' missions for more than 45 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.

Submit your resume today!

Responsibilities

The Content Developer:

Analyze DCO events.
Apply current industry SIEM best practices.
Use security alerts correlated with log enrichment data to enhance the operator's ability to identify real attacks.
Establish security control effectiveness and monitor for unauthorized outbound connections.
Create detections by analyzing log data across the enterprise.
Develop dashboards and visualizations to identify adversarial activity.
Use log data to establish and implement virtual tripwires for early detection.
Analyze and ingest security logs into the SIEM, optimizing for SIEM performance.
Design, implement, and test various SIEM solutions.
Create and support the creation of SIEM use cases, and understand which alerts and log enrichment are necessary to meet the required acceptable false-positive rate.
Create, test, and validate filters and rules.
Build and implement event correlation rules, logic, and content in the SIEM.
Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors.
Analyze malware threats to develop behavior-based detections that alert on and/or prevent malicious activity.
Automate tasks in the SIEM using a common programming or scripting language.
Create scheduled and ad-hoc reporting with SIEM tools.
Create and maintain SIEM documentation.
Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends, and reports.
Use the SIEM to develop metrics collection and analysis, and create reports upon request.
Provide training to government personnel as requested.
Provide knowledge transfer of tools, processes, and procedures to government personnel as requested.
Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter to ensure efficient transition when personnel rotate.
Maintain currency on the latest industry trends and provide operational reports/assessments for the development of tactics, techniques, and procedures.
Create, document, and report metrics for analysis to improve weapon system processes and mission execution.
Support operational leadership's tasking as it relates to Content Development functions and responsibilities.

Qualifications

Required:

5+ years of experience with SIEM technology such as ArcSight, Splunk, and/or ELK, including but not limited to log handling, reports, filters, and rule creation.
Extensive knowledge of IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., Air Force, Navy, Army, DC3, DISA).
3+ years of experience with network traffic analysis, ports, and protocols.
SANS GCDA or equivalent certification(s).
Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open-source projects).

Desired:

1+ year of experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto.
Proficient in Python and PowerShell.

Certifications

GCDA or MS/BS in Computer Science

Clearance

Must have and maintain an active DoD TS/SCI security clearance.

SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers' missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States.

SMS is an Equal Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.