Content Developer

TEKsystems c/o Allegis Group

Posted today
Top Secret/SCI
Mid Level Career (5+ yrs experience)
$110,000 - $120,000
No Traveling
IT - Security
San Antonio, TX (On-Site/Office)

Summary Overview:
We are seeking an experienced Cyber Content Developer to support Defensive Cyber Operations (DCO) for U.S. Air Force cyber defense units. In this role, you will design, build, and maintain the SIEM detection content—the rules, alerts, dashboards, and automation—that enables analysts to quickly identify real cyber threats across the enterprise.
The ideal candidate is a knowledgeable SIEM engineer with a strong background in cybersecurity operations, log analysis, threat behavior detection, and SIEM tuning. You will work closely with cyber operators and leadership to develop high‑quality detection logic, reduce false positives, enhance situational awareness, and ensure SIEM content is optimized to support mission needs.
This is a highly impactful, mission‑critical role supporting national defense operations.

Key Responsibilities:
- Develop and maintain SIEM detections, correlation rules, filters, dashboards, and reporting.
- Analyze cyber events, logs, and network data to identify malicious activity and build new detections.
- Tune SIEM rules to reduce noise and improve accuracy for cyber analysts.
- Create “virtual tripwires” and behavior‑based detections using frameworks such as MITRE ATT&CK.
- Ingest, optimize, and enrich log data to improve SIEM performance and visibility.
- Conduct testing, validation, and documentation of SIEM content and workflows.
- Automate SIEM tasks and processes using Python, PowerShell, or similar scripting languages.
- Provide training, knowledge transfer, and operational support to government personnel.
- Maintain awareness of evolving cyber threats and incorporate new techniques into SIEM content.

Required Qualifications:
- Active TS/SCI security clearance.
- DoD 8570/8140 IAT Level III / CND certification.
- 5+ years of hands‑on experience with SIEM platforms such as ArcSight, Splunk, or ELK (log handling, rule creation, dashboards, reporting).
- 3+ years of network traffic analysis (ports, protocols, IDS/IPS).
- Strong understanding of cyber threat behavior and the MITRE ATT&CK framework.
- Experience developing and tuning SIEM detections to reduce false positives.
- Bachelor’s degree in a technical field (or equivalent experience).

Desired Skills:
- Experience with SOAR tools (Phantom, Demisto, or similar).
- Proficiency in Python, PowerShell, or automation scripting.
- SANS GCDA or equivalent certification.


Company Benefits:
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Accelerating IT transformation in the public sector

About Us
We’re partners in transformation. We help customers activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services and real-world application, we work with progressive leaders to drive change. That’s the power of true partnership. TEKsystems is an Allegis Group company.
