Threat Detection Engineer SME

Gray Tier Technologies is seeking a Threat Detection Engineer for a new customer on a highly-visible and strategic Cybersecurity Task Order. The Threat Detection Engineer will:

• Capture use cases from subscribers or other team members and develop correlation rules
• Utilize knowledge of latest threats and attack vectors to develop Splunk correlation rules for continuous monitoring
• Develop, manage, and maintain Splunk data models
• Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
• Develop custom regex to create custom knowledge objects
• Developing custom SPL using macros, lookups, etc., and network security signatures such as SNORT and YARA
• Develop custom dashboards and reports for customer stakeholders
  Train and mentor junior staff

Basic Qualifications: 

• Bachelor’s Degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS at least eight (8) years of experience in incident detection and response, malware analysis, or cyber forensics
• Extensive experience working with various security methodologies and processes
• Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
• Expert knowledge in two or more of the following areas related to cybersecurity:
  Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web-filtering, Advanced Threat Protection
• Experience developing advanced correlation rules utilizing Stats and data models for cyber threat detection
• Experienced with creating and maintaining Splunk knowledge objects
• Experienced managing and maintaining Splunk data models
• Experience creating regex for pattern matching
• Experience implementing security methodologies and SOC processes

Preferred Qualifications: 

• Top Secret clearance
• Experience with cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape
• Completed Splunk Advance Searching and Reporting training
• Experience developing custom scripts using python
• Splunk certifications