Content Developer - Senior

Sev1Tech is looking for the right candidate to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety.  The program will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support.  Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S and occasionally OCONUS.

Sev1Tech seeks a Lead Content Developer/Cyber Threat Detection Developer, utilizing Splunk Enterprise Services or other SIEM tools to pro-actively research and then apply custom detection capabilities from disparate data sources such as: cyber threat intelligence, vulnerability data, campaign and indicators of compromise. These threat detection data types will be used to develop custom security, engineering, and or applicable dashboards; validate existing and/or create new correlation rules and alerts, as well as validate the index sources of the SIEM to ensure a thorough defense in depth for the enterprise.  

Responsibilities include but are not limited to:

• Analyze data feeds and event logs
• Correlate the results with known threats, vulnerabilities, and incidents
• Create new security content and updates to Enterprise NOSC dashboards
• Develop, disseminate, and implement new security content such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Data Loss Prevention (DLP) correlation rules and cyber threat indicators
• Participate in Briefings to provide expert guidance on new threats and will act as an escalation point for cyber analysts and engineering leads
• Author reports and/or interface with customers for ad-hoc requests
• Participate in discussions to make recommendations on improving NOSC cyber visibility, process improvements, and reducing the incident remediation period
• Investigate and analyze all logs available within the SIEM, document workflows, and identify process improvements in the handling and remediation of cyber security events
• Leverage deep understanding of how to develop custom content within the Splunk SIEM using advanced SPL language and data models or other network security tools to detect threats and attacks
• Capture use cases from subscribers or other team members to develop custom correlation rule(s), validate and or create new dashboard(s) and validate all index sources for applicability within the Splunk environment
• Utilize knowledge of latest cyber threats and attack vectors to develop and or maintain custom Splunk correlation rules from all indexed sources to support continuous event monitoring and alerting
• Develop, manage, and maintain Splunk data models
• Review all existing network event sources to determine if relevant data is present and make technical recommendations to re-mediate any missing log components
• Review and or suggest new log and event index types as new devices are brought into the enterprise network
• Develop custom regex to create custom knowledge objects
• Developing custom SPL using macros, lookups, etc., and network security signatures such as SNORT, YARA and Zeek
• Develop custom dashboards and reports for customer stakeholders
• Train and mentor junior staff

• Bachelors in Information Technology, Computer Science, Cybersecurity or related field AND twelve (12) to fifteen (15) years of prior relevant experience
• Five (5) years of experience in developing, implementing, and managing Splunk correlation rules and content
• Must possess strong written and verbal communication skills and must be capable of the understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
• Extensive experience working with various security methodologies and processes
• Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
• Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk environment
• Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
• Experience maintaining an event schema with customized security severity criteria
• Experience creating scheduled and ad-hoc reporting with SEIM tools
• Thorough and in-depth understanding of SEIM technologies and event collector deployments in the Windows and Linux operating environments
• Experience developing advanced correlation rules utilizing stats and data models for cyber threat detection
• Experience creating and maintaining Splunk knowledge objects
• Experience managing and maintaining Splunk data models
• Experience creating regex for pattern matching
• Experience implementing security methodologies and SOC processes
• Certification Requirement: One of the following certifications is required CISSP, GCIH, GCFA, GPEN, GWAPT, GCIA, or equivalent.
• Certification Requirement: Splunk Core Certified Advanced Power User certification

• Ability to provide proof of U.S. Citizenship in order to obtain a Dept of Homeland (DHS) Public Trust clearance 

Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.

Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech

For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com

Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.