Info Security Analyst IV (Cyber Detection Engineer) at Softworld Inc
Reston, VA
About the Job
Job Title: Info Security Analyst IV (Cyber Detection Engineer)
Job Location: Fairmont, West Virginia 20190
Onsite Requirements:
- SIEM
- Security Sensors
- ANY SOC experience.
Job Description:
- The Cyber Detection Engineer will develop detections based on intelligence available, then research and assist in implementing new detection methods.
- This Detection Engineer will ensure that malicious activity will be detected within the environment.
- The DE is responsible for quality assurance of detections including filtering for potential false positives, mapping detections to MITRE ATT&CK framework, and specific campaigns/APTs when applicable.
- The Detection Engineer will work closely with other analysts to ensure detections are relevant to the current threat landscape.
- DE will work closely with the SIEM team to make recommendations for tuning and detection enhancements.
- The DE will evaluate the quality of data resulting from detections and ensure that the output of a detection leads to a meaningful investigation.
- Configure tools to detect atomic, computed, or behavioral indicators based on generated tactical intelligence across the SOC's detection sensors, such as logging infrastructure (SIEM, connector/forwarder, data stream processing, etc.), security sensors (NIDS/NIPS, EDR, email protection, etc.), or SOAR.
- Develop and implement detection feedback processes (e.g., tuning out false positives).
- Use machine learning and pattern analysis to improve detection of specific types of threats.
Qualifications:
- 8+ years of prior relevant experience to operate within the scope contemplated by this level; a combination of education, experience, and certifications will be considered as part of the qualification assessment.
- Prior experience performing as a SOC analyst.
- Prior experience performing similar application security functions.
- Strong analytical and troubleshooting skills.
- Excellent written and verbal communication skills.
- Team player.
- CEH, GCIH, or relevant IT technology certification.
Preferred Qualifications:
- Upbeat and positive attitude.
- Hands-on cybersecurity experience.
- Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation, with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
- Familiarity with the NOAA mission.