Posted 2 days ago
Top Secret/SCI
$220,000 - $250,000
Full Scope Polygraph
Ashburn Rd, VA (On-Site/Office)
Job Title: Threat Detection Expert
Location: McLean, VA
Duration: Full Time Direct Hire Employment
Security Clearance: Active Top Secret/SCI Clearance with Full Scope Polygraph
Salary Range: $220,000 - $250,000 Per Annum
Responsibilities:
In this role, you will be working with a commercial company's security team to create and build new solutions to challenging problems. In performing this role, you will be required to:
- Work with the customer to establish a mature insider threat monitoring capability across multiple Windows, Linux, and container environments.
- Lead the development of new alerting frameworks.
- Execute a dual mandate over a designated time period to:
- Develop detection logic in the customer SIEM solution.
- Architect and deploy detections from the ground up.
- Support the migration of logic, queries, and visualizations into a new SIEM solution.
- Work with the customer to improve incident response efficiencies.
- Support the Tier 1 Security Operations Team with investigations and responses.
- Improve the customer's ability to detect and mitigate risks early.
Must Have Qualifications:
- This position requires an active TS/SCI clearance with Full Scope polygraph.
- Specialist in architecting and deploying new frameworks from the ground up.
- Bachelor's degree in computer science, Engineering, Information Assurance, or a related discipline and 10+ years of related experience. Additional experience may be substituted for a degree.
- Must have experience and expertise with SIEM solutions such as Splunk, Kibana, etc.
- Must have experience with log telemetry structure and log logic in Windows, Linux, and Containerized environments.
- Experience with migrating schema mappings from one SIEM solution to another.
- Ability to demonstrate proficiency in query languages.
- Must have experience with cloud service providers, e.g., Google, AWS, Azure, etc.
- Have experience with the deployment and configuration of data collections from various system components that include operating systems, networking devices, and containerization platforms.
- Experience creating dashboards, analytics, and alerts within SIEM tools.
- Experience working with monitoring systems supporting auditing, incident response, and system health.
- Experience with the OSINT framework and related tools.
- Experience working in an air-gapped environment.
- Ability to analyze user behavior and create alerts from scratch.
- Comfortable with both Splunk and ELK