Jobs at Sharp Solutions, Inc.


Threat Detection Engineer - CISA

Leesburg, VA
 
Are you someone concerned with the security of our nation? Are you driven to protect and serve? Are you skilled in cyber defense? Then SSI is the place for you. We are ensuring our nation's security in a partnership with the Department of Homeland Security. Our partnership focuses on the DHS Security Operations Center (SOC) Support Services Program, where we provide around-the-clock cyber support focusing on some of our nation's toughest threats.

Threat Detection Engineer 
Location: Leesburg, VA - Remote
Shift: Regular Days (non-shift work)

Primary Responsibilities: 

Sharp Solutions has an immediate need for a talented Cyber Threat Hunter to join our team on this highly visible cyber security single-award IDIQ vehicle, which provides enterprise security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff.
 
The Threat Detection Engineer will join our team on a highly visible cyber security single-award IDIQ vehicle. Duties include proactively searching for threats, inspecting traffic for anomalies and new malware patterns, and investigating and analyzing logs. The engineer develops custom content within the Splunk SIEM (using advanced SPL and data models) or other network security tools to detect threats and attacks against the department. SIEM Content Developers participate in briefings to provide expert guidance on new threats and act as an escalation point for analysts. The engineer may also be required to author reports and/or interface with customers for ad-hoc requests. In addition, the Threat Detection Engineer may be asked to participate in discussions and make recommendations on improving SOC visibility or process.
 
Basic Qualifications:
* Bachelor’s Degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS at least eight (8) years of experience in incident detection and response, malware analysis, or cyber forensics
* Extensive experience working with various security methodologies and processes
* Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
* Expert knowledge in two or more of the following areas related to cybersecurity: Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web-filtering, Advanced Threat Protection
* Experience developing advanced correlation rules utilizing tstats and data models for cyber threat detection
* Experienced with creating and maintaining Splunk knowledge objects
* Experienced managing and maintaining Splunk data models
* Experience creating regex for pattern matching
* Experience implementing security methodologies and SOC processes
* Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program

Certifications - must have one of the following:
SANS GCIH (GIAC Certified Incident Handler)
SANS GCFA (GIAC Certified Forensic Analyst)
SANS GCIA (GIAC Certified Intrusion Analyst)
SANS GNFA (GIAC Network Forensic Analyst)
SANS GWAPT (GIAC Web Application Pentester)
SANS GPEN (GIAC Penetration Tester)
Offensive Security Certified Professional (OSCP)

Preferred Qualifications:
* Experience with cloud (e.g. O365, Azure, AWS, etc.) security monitoring and familiarity with the cloud threat landscape
* Completed Splunk Advanced Searching and Reporting training
* Experience developing custom scripts using Python
* Splunk certifications

SSi is an equal opportunity employer regardless of race, color, religion, creed, sex, marital status, national origin, disability, age, veteran status, on-the-job injury, sexual orientation, political affiliation or belief. Employment decisions are made without consideration of these or any other factors that employers are prohibited by law from considering. Any discriminatory action can be a cause for disciplinary action. SSi also prohibits discrimination against individuals with disabilities and will reasonably accommodate applicants with a disability, upon request, and will also ensure reasonable accommodation for emplo