Leidos is hiring: Cybersecurity Content Developer in Arlington
Leidos, Arlington, VA, United States, 22201
Description
Leidos is looking for a skilled Cybersecurity Content Developer to enhance our team on a prominent cybersecurity initiative. The core responsibilities involve identifying threats, analyzing logs for anomalies, and developing tailored content within the Splunk SIEM using advanced SPL (Search Processing Language) and data models, along with other security tools. As a Content Developer, you will participate in briefings to offer expert advice on evolving cyber threats and serve as a point of escalation for analysts. You may also be tasked with authoring reports and engaging with customers for specific requests. Additionally, your expertise will be sought in discussions aimed at enhancing SOC visibility or processes.
Primary Responsibilities
Work closely with subscribers and team members to capture and develop applicable correlation rules.
Stay updated on emerging threats and attack methods to create effective Splunk correlation rules for ongoing monitoring.
Manage and maintain Splunk data models to ensure data integrity and monitoring effectiveness.
Review logs to verify the presence of relevant data that aligns with use cases for data models.
Create custom regex patterns to enhance knowledge objects.
Utilize macros, lookups, and network security signatures such as Snort and YARA to develop advanced SPL.
Design and implement custom dashboards and reports for stakeholders.
Provide training and mentorship to junior team members.
Candidates residing within 50 miles of Arlington, VA, will be expected to work onsite five days a week.
Basic Qualifications:
Bachelor's Degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field with 12+ years of experience, or a Master's Degree with 10 years of experience, including at least eight (8) years in incident detection and response, malware analysis, or cyber forensics.
Extensive proficiency with security methodologies and processes.
Advanced understanding of TCP/IP protocols, plus hands-on experience with security solutions and analyzing security log data from diverse devices.
Expertise in two or more cybersecurity domains such as Vulnerability Assessment, Intrusion Prevention, Access Control, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web-filtering, and Advanced Threat Protection.
Experience developing advanced correlation rules utilizing tstats and data models.
Proficient in creating and managing Splunk knowledge objects and data models.
Skilled in creating regex for pattern matching.
Familiarity with security methodologies and SOC processes.
Preferred Qualifications:
Experience with cloud security monitoring for platforms like O365, Azure, or AWS, and knowledge of cloud threat landscapes.
Completed advanced training in Splunk Searching and Reporting.
Proficient in developing custom scripts using Python.
Relevant Splunk certifications.
Original Posting Date: 2024-12-18
This job requisition is expected to remain open for at least 3 days, closing no earlier than 3 days after the original posting date.
Pay Range: $126,100.00 - $227,950.00
The pay range provided is a general guideline and not a guarantee of compensation. Factors influencing the offer include job responsibilities, education, experience, skills, and internal equity.