Cyber Detections Engineer

Job Description:

The U.S. Department of Homeland Security (DHS) Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S.Government program responsible to prevent identify contain and eradicate cyber threats to CBP networks through monitoring intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN) commercial Internet connection public facing websites wireless mobile/cellular cloud security devices servers and workstations.The CBPSOCis responsible fortheoverall security of CBP Enterprise-wide information systems and collects investigates and reports any suspected and confirmed security violations.

Leidos is seeking an experiencedCyber Detection Engineertojoin our team. As a member of thehighlytechnical Operations Enhancement team supportingU.S.CustomsandBorder Protection (CBP)you will be responsible for in-depth technical analysis of network and endpoint logs & activity developing signatures alerts rules etc. to improve the security posture of the environment developing processes and procedures for new tools and technologies in support of the protection of the customers systems networks and assets.

Primary Responsibilities:

• Createdevelop andmaintainnew security content as the result of hunt missions penetration tests tuningrequestsand othersto include signatures alertsrulesworkflows and automation.

• Identify track and investigate high priority threat campaigns malicious actors withtheinterest capability and TacticsTechniques andProcedures (TTPs)to target the agency.

• Coordinate& leadcross functionalcollaborationto improve threat detectiondesign security content and improve overall security posture of the Enterprise.

• Proactively and iteratively search through systems and networks to detect advancedthreatsandcreate content tomonitorand alert on such activity/threats.

• Usethe MITRE ATT&CK framework to understand TTPs of adversaries threat actors APTs and threats targeting the customer agency and organize threat hunts around ATT&CK techniques and sub-techniques.

• Responsible formaintaininga comprehensive understanding of the cyber threat landscape includingidentifyingand analyzing cyber threats actors and/or activities to enhance cybersecurity posture of the organizations IT operating environment.

• Responsible forconductingcyber threat analysisidentifyingmitigation and/or remediation courses of action; developing actionable intelligence used to protect organizational IT assets; and trending cyber threat metrics for leadership situational awareness.

• Analyze host network and application logs in addition to malware and code.

• Willbe responsible fordeveloping scripts to support cyber threat detection that outputsresultsin a variety of formats such as VB scripts Python C HTMLXMLor other type mostappropriate forthe task.

• Produce high quality technical and non-technical products briefingswhitepapers etc. with minimal supervision and emphasis on effective/accuratereporting on product topics.

• Maintain the daily battle rhythm for theDetection EngineeringTeam with an emphasis on adherence to deadlines attention to detail and clear/concise communication with the customer and stakeholders.

Willbe responsible for:

• Developing creating andmaintainingsecurity content for deployment on tools and technologies across the enterprise environment.

• Identifying tracking and investigatinghigh priority threat campaigns malicious actors withthe interest capability and TacticsTechniques andProcedures (TTPs)to create security content and tune alerts signatures and rules.

• Use the MITRE ATT&CK framework to understand TTPs of adversaries threat actors APTs and threats targeting the customer agency and organize threat hunts around ATT&CK techniques and sub-techniques.

• Author technical and non-technical reports and briefings to ensure leadership awareness of findings and observations.

• Create daily weeklyand monthly reports and metrics for products and briefings.

• Process technical data from various sources and fuse the data with intelligence reporting to improve the security posture of the customer as well as manage ThreatHunttools.

Basic Qualifications:

• Musthave aBachelors degree inComputer Science Engineering Information Technology Cybersecurity or arelated field anda minimum of15years of professional experience in incident detection and response malware analysiscyberthreathuntingor cyber forensics.

• Have2yearsrecent experience with host-based and network-based security monitoring using cybersecurity capabilities.

• Must be experienced developing scripts to support cyber threat detection that outputsresultsin a variety of formats such as VB scripts Python C HTML XML orother.

• Established experience with incident response and SIEM tools host-based logs network-based logs and regex.

• Ability to work independently with minimal direction; self-starter/self-motivated.

Required certifications:

The candidate should have atminimumONE of the following certifications:

• CompTIA Cyber Security Analyst (CySA)

• CompTIA Linux Network Professional (CLNP)

• CompTIA Pentest

• CompTIA Cybersecurity Analyst (CySA)

• GPEN PenetrationTester

• GWAPT Web Application Penetration Tester

• GSNA System andNetwork Auditor

• GISF SecurityFundamentals

• GXPN Exploit Researcher and Advanced PenetrationTester

• GWEB Web ApplicationDefender

• GNFA Network ForensicAnalyst

• GMON Continuous Monitoring Certification

• GCTI Cyber Threat Intelligence

• GOSI Open SourceIntelligence

• OSCP (CertifiedProfessional)

• OSCE (Certified Expert)

• OSWP (WirelessProfessional)

• OSEE (Exploitation Expert)

• CCFP Certified Cyber Forensics Professional

• CISSP Certified Information SystemsSecurity

• CEH Certified EthicalHacker

• CHFI Computer Hacking Forensic Investigator

• LPT Licensed PenetrationTester

• CSA EC Council Certified SOC Analyst (Previously ECSA EC-Council Certified Security Analyst)

• ENSA EC-Council Network Security Administrator

• ECIH EC-Council Certified Incident Handler

• ECSS EC-Council Certified Security Specialist

• ECES EC-Council Certified Encryption Specialist

Preferred Qualifications:

• A minimum of15years of hands-on experience with experience in the last2years that includes host-based and network-based security monitoring using cybersecurity capabilities.

• Demonstrated experience planningexecuting andparticipatinginthreat hunt missions.

• PreviousDOD IC or Law Enforcement Intelligence or Counterintelligence Training/Experience

• Understanding of complex Enterprise networks to include routing switching firewalls proxies load balancers.

• Working knowledge of common (HTTP DNS SMBetc) networking protocols

• Familiaritywith operation of both Windows and Linux based systems.

• Proficient with scripting languages such as Python or PowerShell

• Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)

Clearance:

• All Department of Homeland Security CBP SOC employeesare requiredtofavorablypass a 5-year (BI) Background Investigation

• The candidate must currentlypossessaTop SecretClearance with the ability to obtain a Top Secret/SCI Clearance