Today
Top Secret/SCI
$130,000 - $140,000
CI Polygraph
IT - Security
Springfield, VA (On-Site/Office)
Zachary Piper Solutions is seeking a Senior Cyber SIEM Detection Engineer to support the Cyber Security Operations Center (CSOC) to detect, deter, and disrupt increasingly complex threats to protect our nation's critical information, resources, programs, and missions. This position is fully onsite in Springfield, VA.
Must have active TS/SCI CI Poly clearance
Responsibilities:
· Support Cyber Operations Squadron (COS) activities to publish up-to-date cybersecurity tool signatures (e.g. anti-virus and host based security systems)
· Provide focused analysis, including reverse malware engineering, against intrusion, anomalies, malware, viruses to identify critical information about source, intended target, affected systems or hosts, recommended mitigation measures and risk to mission
· Formulate custom Security Information and Event Management (SIEM) tool content and IDS/IPS signatures to address threats
· Performs security event and incident correlation using information gathered from a variety of sources within the enterprise
· Analyzes and assesses damage to the data / infrastructure as a result of cyber incidents
· Performs cyber incident trend analysis and reporting.
· Characterizes and performs analysis of network traffic and system data to identify anomalous activity and potential threats to resources.
· Provides detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities
· Create and deploy threat-based signatures for operational intrusion detection capabilities.
· Create and implement detection rules from intelligence reporting
Basic Qualifications:
· Bachelor's Degree or 4+ years of years of additional cyber experience in lieu of degree
· 5+ years of experience in a cyber role
· Experience with modern Windows, UNIX, network operating systems, databases, and virtual computing
· Experience with enterprise security tools, including Security information and event management (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools
· Experience with creating, modifying, tuning, IDS signatures/SIEM correlation searches and other detection signatures.
· Knowledge of implementation of countermeasures or mitigating controls.
· DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNA-Security)) required
Advanced Qualifications:
Compensation:
$130,000 - $140,000 ** depending on experience and degree**
Full Benefits -Medical, Dental, Vision, 401K, Paid Holidays, PTO, Sick Leave if required by law
This job opens for applications on 9/29/2025. Applications for this job will be accepted for at least 30 days from the posting date
#LI-Onsite
#LI-GC2
Key words: Cyber Security Operations Center Support, cisco routing, switching, firewalls, Splunk, ArcSight, CSOC, Cyber Operations Squadron, COS, cyber, cyber security, cybersecurity, anti-virus, host based security systems, analysis, reverse malware engineering, intrusion, anomalies, malware, viruses, identify, intended target, affected systems, hosts, configuration, queries, dashboard creation, Snort, configuration, tuning, performance, commands, scripting, mitigation, risk, Security Information and Event Management, SIEM, IDS, IPS, signatures, threats, security, incident correlation, Analyzes, assesses, damage, data, infrastructure, cyber incidents, reporting, network traffic and system data to identify anomalous activity and potential threats to resources, detection, identification, attacks/intrusions, anomalous activities, misuse activities, deploy, intrusion, detection, intelligence, MITRE ATT&CK Framework, Threat intelligence platforms, TIPs, IAT Level II, GSEC, Security+, SSCP, CCNA-Security, Windows, UNIX, Linux, network operating systems, databases, and virtual computing
Must have active TS/SCI CI Poly clearance
Responsibilities:
· Support Cyber Operations Squadron (COS) activities to publish up-to-date cybersecurity tool signatures (e.g. anti-virus and host based security systems)
· Provide focused analysis, including reverse malware engineering, against intrusion, anomalies, malware, viruses to identify critical information about source, intended target, affected systems or hosts, recommended mitigation measures and risk to mission
· Formulate custom Security Information and Event Management (SIEM) tool content and IDS/IPS signatures to address threats
· Performs security event and incident correlation using information gathered from a variety of sources within the enterprise
· Analyzes and assesses damage to the data / infrastructure as a result of cyber incidents
· Performs cyber incident trend analysis and reporting.
· Characterizes and performs analysis of network traffic and system data to identify anomalous activity and potential threats to resources.
· Provides detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities
· Create and deploy threat-based signatures for operational intrusion detection capabilities.
· Create and implement detection rules from intelligence reporting
Basic Qualifications:
· Bachelor's Degree or 4+ years of years of additional cyber experience in lieu of degree
· 5+ years of experience in a cyber role
· Experience with modern Windows, UNIX, network operating systems, databases, and virtual computing
· Experience with enterprise security tools, including Security information and event management (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools
· Experience with creating, modifying, tuning, IDS signatures/SIEM correlation searches and other detection signatures.
· Knowledge of implementation of countermeasures or mitigating controls.
· DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNA-Security)) required
Advanced Qualifications:
- Advanced skills in Linux/Unix (command line user - proficient and used in last 6 months)
- Experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for signature development
- Knowledge with implementation of counter-measures or mitigating controls.
- Ability to support incident response and forensic operations as required to include static/dynamic malware analysis and reverse engineering
- Experience with enterprise security tools, including Security information and event management (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools
- Experience in creating, modifying, tuning, IDS signatures/SIEM correlation searches and other detection signatures.
- Proficient in Linux operating systems
- Working knowledge of current COTS Cybersecurity technologies.
- Familiar with MITRE ATT&CK Framework
Compensation:
$130,000 - $140,000 ** depending on experience and degree**
Full Benefits -Medical, Dental, Vision, 401K, Paid Holidays, PTO, Sick Leave if required by law
This job opens for applications on 9/29/2025. Applications for this job will be accepted for at least 30 days from the posting date
#LI-Onsite
#LI-GC2
Key words: Cyber Security Operations Center Support, cisco routing, switching, firewalls, Splunk, ArcSight, CSOC, Cyber Operations Squadron, COS, cyber, cyber security, cybersecurity, anti-virus, host based security systems, analysis, reverse malware engineering, intrusion, anomalies, malware, viruses, identify, intended target, affected systems, hosts, configuration, queries, dashboard creation, Snort, configuration, tuning, performance, commands, scripting, mitigation, risk, Security Information and Event Management, SIEM, IDS, IPS, signatures, threats, security, incident correlation, Analyzes, assesses, damage, data, infrastructure, cyber incidents, reporting, network traffic and system data to identify anomalous activity and potential threats to resources, detection, identification, attacks/intrusions, anomalous activities, misuse activities, deploy, intrusion, detection, intelligence, MITRE ATT&CK Framework, Threat intelligence platforms, TIPs, IAT Level II, GSEC, Security+, SSCP, CCNA-Security, Windows, UNIX, Linux, network operating systems, databases, and virtual computing
group id: 10430981
