Cybersecurity Detection Engineer (Government)

Job Description:

This is a hybrid position with occasional visits to customer site in Washington DC.

AT&T Global Public Sector is a trusted provider of secure IP enabled cloud-based network solutions and professional services to theFederal Government. We are dedicated to recruiting developing and empowering a diverse high-performing workforce that is passionate about what they do committed to our shared values and dedicated to our customers mission.

The detection engineer blends technical skills threat research experience and knowledge of adversary techniques to work with new and existing data sources to create high fidelity actionable alerts the client SOC can use to quickly and effectively identify analyze and eradicate cybersecurity threats. This individual will be familiar with adversary Tactics Techniques and Procedures (TTPs) and will identify opportunities to improve the effectiveness of existing detection efforts. They will be responsible for developing methodologies to maintain and maximize the integrity and effectiveness of existing alerting through the creation periodic review testing and validation of custom detection content. Additionally they will leverage cybersecurity threat intelligence and collaborate with the SOCs incident response teams to meet operational needs and defend against real-world threats.

Job Duties/Responsibilities:

1. A minimum of three years of experience working in detection engineering threat hunting security operations or incident response using Splunk Enterprise Security or Microsoft Sentinel.

2. Experience with the processes to add/update/delete detection rules in Splunk Enterprise Security and Microsoft Sentinel.

3. Proficient in detection engineering methodologies including SNORT and YARA rules.

4. Proficient in Python programming Bash and PowerShell.

5. Proficient in Splunks Search Processing Language React Kusto Query Language and the Common Information Model (CIM)

6. Knowledgeable and experienced in leveraging cybersecurity threat intelligence indicators of compromise STIX/TAXII data feeds MITRE ATT&CK and SIEM integrations.

7. Strong experience in networking principles operating systems (Linux / Windows) and security tools such as IDS/IPS firewalls proxy servers and Endpoint Detection and Response (EDR).

8. Knowledge of Windows Sysinternal Suite (including Sysmon) Unix auditd and how to tune configuration files for identification of malicious activity.

9. At least one of the following certifications: Splunk Enterprise Security Certified Admin credential or have passed the AZ-500 Microsoft Azure Security Technologies exam.

Key Responsibilities:

Develop and refine detection techniques to identify malicious activities and security breaches.

Analyze descriptions of IOCs and design effective searches to detect these activities in large data sets.

Create and maintain detection content ensuring it is up-to-date with the latest threat intelligence.

Collaborate with threat hunters to continuously improve detection capabilities.

Utilize advanced Splunk query skills to develop and run complex searches and analyze security data.

Ensure the accuracy and efficiency of detection mechanisms to reduce false positives and improve response times.

Required Clearance:

Able to pass police background check. (#clearable)

Required Qualifications:

Proven experience as a Detection Engineer with a strong emphasis on detection engineering as a primary job function.

In-depth knowledge of threat hunting methodologies and experience working as a threat hunter.

Expertise in Splunk including the ability to create and optimize complex queries independently.

Demonstrated ability to analyze and interpret various data sets to identify suspicious activities.

Strong understanding of cyber security threats vulnerabilities and attack vectors.

Ability to work independently and collaboratively within a team environment.

Desired Qualifications:

Certifications related to cyber security and detection engineering (e.g. GIAC Certified Detection Analyst Splunk Certified User).

Experience in a Security Operations Center (SOC) environment specifically in a detection engineering role.

Familiarity with other security information and event management (SIEM) tools and technologies.

Note: This position is not an entry-level role. We require candidates with substantial experience in detection engineering not just occasional detection creation as part of a SOC analyst role. Candidates who have primarily worked as SOC analysts and only occasionally created detections will not be considered suitable for this role. We are looking for individuals who have demonstrated a consistent focus on detection engineering throughout their career.

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age color national origin citizenship status physical or mental disability race religion creed gender sex sexual orientation gender identity and/or expression genetic information marital status status with regard to public assistance veteran status or any other characteristic protected by federal state or local law. In addition AT&T will provide reasonable accommodations for qualified individuals with disabilities.AT&T is a fair chance employer and does not initiate a background check until an offer is made.