Bristol Bay Shared Services
Signature Writer - Intermediate - Cyber Security
Bristol Bay Shared Services, San Antonio, Texas, United States, 78208
STS Systems Support, LLC (SSS) is seeking a Signature Writer - Intermediate - Cyber Security
Requirements:
DoDD 8570.01-M/8140.01 I AT Level III CNDActive TS/SCIMore than 3 years' experience implementing signatures on HIPS devices.3+ years' experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures. BA/BS or MA/MSMore than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.Proficient in PowerShell with more than one (1) year of experience.Extensive knowledge of Windows internals.Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).More than three years of experience using Regular Expressions, YARA, and Snortequivalent to create custom IPS/IDS signaturesDesired:
More than five (5) years of experience implementing behavior-based (heuristic and anomaly-based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA's Joint Regional Security Stacks (JRSS).Proficient in Python and PowerShell. SANS GCFA or equivalent certification.Duties:
Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.Develop and document IPS/IDS SOPs. (CDRL A008)Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.Analyze deployed signatures to reduce false positive rate and perform signature maintenance.Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.Automate tasks using a common programming or scripting language.Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available. (CDRL A007)Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)Automate processes and procedures using scripts and SQL/database administration (CDRL A007)Provide training and knowledge transfer to government personnel as requested.Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).Locations: Lackland AFB, TX, Offut AFB, NE, and Maxwell AFB, AL
Requirements:
DoDD 8570.01-M/8140.01 I AT Level III CNDActive TS/SCIMore than 3 years' experience implementing signatures on HIPS devices.3+ years' experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures. BA/BS or MA/MSMore than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.Proficient in PowerShell with more than one (1) year of experience.Extensive knowledge of Windows internals.Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).More than three years of experience using Regular Expressions, YARA, and Snortequivalent to create custom IPS/IDS signaturesDesired:
More than five (5) years of experience implementing behavior-based (heuristic and anomaly-based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA's Joint Regional Security Stacks (JRSS).Proficient in Python and PowerShell. SANS GCFA or equivalent certification.Duties:
Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.Develop and document IPS/IDS SOPs. (CDRL A008)Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.Analyze deployed signatures to reduce false positive rate and perform signature maintenance.Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.Automate tasks using a common programming or scripting language.Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available. (CDRL A007)Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)Automate processes and procedures using scripts and SQL/database administration (CDRL A007)Provide training and knowledge transfer to government personnel as requested.Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).Locations: Lackland AFB, TX, Offut AFB, NE, and Maxwell AFB, AL