Threat Detection Lead (Full Scope poly)

Elite Government Strategy

Posted today
Unspecified
Senior Level Career (10+ yrs experience)
$230,000 - $250,000
Full Scope Polygraph
IT - Security
McLean, VA (On/Off-Site)

EGS is looking for a Threat Detection Expert who can build detection frameworks from the ground up.

Responsibilities:
In this role, you will work with a commercial company's security team to create and build new solutions to challenging problems. In performing this role, you will be required to:
Work with the customer to establish a mature insider threat monitoring capability across multiple Windows, Linux, and container environments.
Lead the development of new alerting frameworks.
Execute a dual mandate over a designated time period to:
Develop detection logic in the customer's SIEM solution.
Architect and deploy detections from the ground up.
Support the migration of logic, queries, and visualizations into a new SIEM solution.
Work with the customer to improve incident response efficiency.
Support the Tier 1 Security Operations Team with investigations and responses.
Improve the customer's ability to detect and mitigate risks early.

Job Requirements
Qualifications:
This position requires an active TS/SCI clearance with polygraph.
Bachelor's degree in Computer Science, Engineering, Information Assurance, or a related discipline and 10+ years of related experience. Additional experience may be substituted for a degree.
Must have experience and expertise with SIEM solutions such as Splunk, Kibana, etc.
Must have experience with log telemetry structure and log logic in Windows, Linux, and containerized environments.
Experience with migrating schema mappings from one SIEM solution to another.
The ability to demonstrate query language proficiency.
Must have experience with cloud service providers such as Google, AWS, Azure, etc.
Experience with the deployment and configuration of data collection from various system components, including operating systems, networking devices, and containerization platforms.
Experience creating dashboards, analytics, and alerts within SIEM tools.
Experience working with monitoring systems supporting auditing, incident response, and system health.
Experience with the OSINT framework and related tools.