Bristol Bay Shared Services
Cyber Data Engineer
Bristol Bay Shared Services, San Antonio, TX
STS Systems Support, LLC (SSS) is seeking a Cyber Data Engineer.
Requirements:
- Must be a U.S. Citizen with an Active TS/SCI
- More than three (3) years of relevant work experience; BA/BS or MA/MS degree.
- Proficient with Splunk Search Processing Language (SPL), ELK/Lucene query syntax, or another search/analytics tool.
- Proficiency with programming/scripting fundamentals, including regex, C++, Python, RHEL, Unix shell scripting, and Windows PowerShell, is required.
- Linux+/Red Hat; RHEL 7.
- More than three (3) years of relevant work experience, including responding to security problems in target-rich environments: triaging security alerts, frontline analysis, and response.
- Understanding of SIEM search languages and Lucene query syntax, and of SIEM dashboards, reports, lookup tables, and summary indexes.
- Ability to customize dashboards by editing their XML source.
- Experience with SIEM apps and ELK.
- Experience with Python scripting; programming experience in Python, C/C++, Java, or Go.
- Demonstrated expertise with malware analysis, including investigations of botnet and rootkit behavior.
- Familiarity with information security concepts (OWASP Top 10, CVEs, IoCs, TTPs, cryptography) and network security devices (IDS/IPS, NGFW, WAF, NGAV); experience with OSSEC, Snort, and Suricata.
- Experience with at least one SIEM (e.g., AlienVault, LogRhythm, Splunk, QRadar, ELK) and with firewalls such as Fortinet, SonicWall, and Palo Alto.
- Experience with scanning technologies and log collection and analysis tools (SIEM).
- Experience with scripting/programming languages (Bash, Python, Java, etc.).
- Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open source projects).
Duties:
- Write scripts to automate the installation of required patches and configurations to remediate identified system vulnerabilities.
- Perform coding and development as required to augment default SIEM functionality and facilitate intercommunication among security controls. (CDRL A007)
- Develop basic new cybersecurity capabilities. (CDRL A007)
- Develop new, and maintain existing, Splunk, ELK, or other search/analytics tool knowledge objects (saved searches, reports, dashboards, data models, event types, field aliases, field extractions, macros, lookups, tags) to alert on potentially malicious activity or to fulfill compliance/policy requirements. (CDRL A007)
- Ensure critical data feeds and hosts are sending data.
- Develop, debug, and maintain scripts.
- Create, install and test vulnerability fixes to Windows and Unix/Linux platforms.
- Assist with or lead cybersecurity audits to verify that the security posture is correctly implemented and compliant.
- Perform systems security engineering and test efforts associated with implementing security controls on networking devices, databases, operating systems, hardware, and software components.
- Develop vulnerability reports covering the investigation, impact, resolution, and verification of security vulnerabilities and patches, and perform deep-dive impact analysis of failed patch deployments. (CDRL A008)
- Develop and provide regular reports on the patch management program and overall patch compliance status. (CDRL A008)
- Perform vulnerability assessments and provide results and recommendations to the ESM Lead and DO as necessary.
- Assess known system vulnerabilities and verify system hardening and patching activities for compliance with the most current applicable Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs) and related checklists, with no more than a 5% error rate.
- Document, implement and prioritize patching requirements across the AFIN/AFNet enterprise. (CDRL A008)
- Provide OJT (on-the-job training) to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter to ensure an efficient transition when personnel rotate.
- Maintain currency on the latest industry trends and provide operational reports/assessments for the development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009)
- Support operational leadership's tasking as it relates to Systems Security Engineer functions and responsibilities.