Client is actively seeking a talented and motivated individual to fill the important role of Cybersecurity Detection Content Developer. This new team member will play a crucial part in enhancing our cybersecurity efforts by developing and refining detection content that strengthens our defenses against a wide array of cyber threats. We invite skilled professionals who are passionate about cybersecurity to consider joining our dedicated team.
Develop robust security monitoring content, including dashboards and alerts, using SIEM and other network security tools (Hybrid/Cloud) to identify threats, suspicious behaviors, and potential incidents, while supporting analytical investigations.
• Regularly assess and refine both custom and out-of-the-box (OOTB) detection content for monitoring diverse on-premises and cloud service environments in support of SOC operations.
• Act as the principal cyber security content subject matter expert (SME) to collaborate with various teams for activities such as threat intelligence, hunting operations, red team initiatives, identity management, security architecture assessments, logging issues, and managing detection content to identify vulnerabilities and enhance the organization’s security monitoring capabilities.
Log Analysis:
• Address issues in production, and other testing and development environments, employing debugging and problem-solving techniques (e.g., log analysis, non-intrusive testing).
• Utilize independent critical thinking to interpret and analyze threat intelligence data, recent threats, potential attack vectors, tactics, techniques, and procedures (TTPs) to determine optimal response and remediation strategies through content development.
• Analyze log files from multiple sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to pinpoint potential threats and vulnerabilities affecting the organization.
Documentation and Process Improvement:
• Create technical documentation, which includes, but is not limited to, content creation, content/rule review processes, language-specific queries for diverse log sources, visibility issues in network/security, detection gaps, standard operating procedures (SOPs), and monitoring strategies.
• Maintain consistent and effective communication across teams and management regarding completed tasks, encountered obstacles, and identified opportunities for process improvements.
• Over 7 years of experience in cyber security operations and SIEM technologies, holding a senior analyst or supervisory position.
• Expertise in content creation concepts, content management, testing, implementation, revision cycles, and complex cybersecurity threat analysis.
• Proficient in monitoring and analyzing logs and alerts from a wide range of technologies and sources, including but not limited to IDS/IPS, firewalls, proxies, network/host, anti-virus, operating system events, application/database, EDR, NDR, Cloud (IaaS, PaaS, SaaS).
• Highly skilled in developing intricate detection content utilizing various data sources and query languages, such as custom SPL (macros, lookups, regex), SNORT, YARA, and KQL.
• Experience analyzing security systems and understanding how changes in the environment or operations can impact monitoring content.
• Knowledge in applying cybersecurity and privacy principles that pertain to organizational requirements (e.g., confidentiality, integrity, availability, authentication, non-repudiation).
• In-depth knowledge of security architectures, devices, proxies, firewalls, and various system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injection attacks, race conditions, covert channels, replay attacks, return-oriented attacks, and malicious code).
• Comprehensive understanding of blue team/red team processes and associated technologies with relevance to custom content development.
• Exceptional verbal and written communication skills for presenting complex findings, conclusions, alternatives, and information clearly and concisely to all levels of management, supervisors, stakeholders, and vendors, supported by advanced research, analytical, and problem-solving skills.
Forensic Analysis, Malware analysis, SIEM, Cloud, and the content development lifecycle
development of cyber defense detections
certifications
Client offers an inclusive community where diversity in all its forms is embraced, respected, and recognized as a true asset to the company. We are dedicated to fostering this inclusive environment, though we acknowledge that there is always room for improvement. Client is committed to evolving into a more inclusive and equitable organization, upholding the principles of equal employment opportunity and affirmative action.
Client is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment based on gender, gender identity or expression, sexual orientation, race, age, religion, physical or mental disability, veteran status, or other protected characteristics under federal, state, and local laws.
As a federal contractor, Client has implemented affirmative action programs to ensure non-discrimination and promote affirmative action in our policies and practices for qualified women, minorities, protected veterans, and individuals with disabilities. The narrative portion of Client's affirmative action plans is available for inspection at our offices during normal business hours. Employees and applicants interested in reviewing these plans should contact RBPRSLLC for assistance.
If you are interested in applying for a position with Client and require special assistance or accommodation to apply for a posted position, please contact RB@RBPRSLL.COM.
Exceptional People, Outstanding Benefits
Exceptional people are the cornerstone of any successful company. To attract and retain such talent, Client provides fulfilling work opportunities that complement a balanced lifestyle. We achieve this by offering exceptional benefits, enabling our employees to live and work well.