Bristol Bay Shared Services

Cyber Data Engineer

Bristol Bay Shared Services, San Antonio, TX


STS Systems Support, LLC (SSS) is seeking a Cyber Data Engineer

Requirements:
  • Must be a U.S. Citizen with an Active TS/SCI
  • More than 3 years of relevant work experience. BA/BS or MA/MS
  • Proficient w/ Splunk Processing Language (SPL), ELK Lucene Query Syntax or other search/analytics tool.
  • Proficiency with programming/scripting fundamentals, including regex, C++, Python, RHEL, Unix scripting, and Windows PowerShell, is required.
  • Linux+/Red Hat; RHEL 7.
  • More than three (3) years of relevant work experience, including experience in responding to security problems in target-rich environments, looking at security alerts, frontline analysis, and response.
  • Understanding of SIEM "Search" Language & Lucene Query Syntax. Understanding of SIEM Dashboard, Reports, Lookup Tables, and Summary Indexes.
  • Knowledge of how to customize dashboards via the XML source.
  • Experience with SIEM Apps and ELK.
  • Experience with Python Scripting. Programming experience in Python, C/C++, Java, or Go.
  • Demonstrated expertise with malware analysis, including investigations of botnet and root-kit behavior.
  • Familiarity with information security concepts (OWASP Top 10, CVEs, IoCs, TTPs, Cryptography). Network Security Devices (IDS/IPS, NGFW, WAF, NGAV). OSSEC, Snort, Suricata Experience.
  • Experience with at least one SIEM (e.g., AlienVault, LogRhythm, Splunk, QRadar, ELK) and with firewalls such as Fortinet, SonicWall, and Palo Alto.
  • Scanning technologies, Log collection and analysis tools (SIEM).
  • Experience with scripting/programming languages (Bash, Python, Java, etc.).
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).

Duties:

  • Write and develop scripts to automate the installation of required patches and configurations to remediate identified system vulnerabilities.
  • Perform coding and development as required to augment default SIEM functionality and facilitate the intercommunications of various security controls. (CDRL A007)
  • Develop basic new cybersecurity capabilities. (CDRL A007)
  • Develop new and maintain existing Splunk, ELK or other search/analytics tool's knowledge objects (Saved searches, reports, dashboards, data models, event types, field aliases, field extractions, macros, lookups, tags) to alert on potentially malicious activity or fulfill compliance/policy requirements. (CDRL A007)
  • Ensure critical data feeds and hosts are sending data.
  • Develop, debug, and maintain scripts.
  • Create, install and test vulnerability fixes to Windows and Unix/Linux platforms.
  • Assist/lead in conducting cybersecurity audits to ensure appropriate implementation and compliance of the security posture.
  • Perform systems security engineering and test efforts associated with implementing security controls on networking devices, databases, operating systems, hardware, and software components.
  • Develop vulnerability reports and investigate the impact, resolution, and verification of security vulnerabilities and patches, as well as perform deep-dive and impact analysis of failed patch deployments. (CDRL A008)
  • Develop and provide regular reports on patch management program and overall status of patch compliance. (CDRL A008)
  • Perform vulnerability assessments and provide results and recommendations to the ESM Lead and DO as necessary.
  • Assess known systems vulnerabilities and verify system hardening and patching activities to ensure compliance with the most current applicable Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs) and related checklists with no more than a 5% error rate.
  • Document, implement and prioritize patching requirements across the AFIN/AFNet enterprise. (CDRL A008)
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
  • Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
  • Support operational leadership's tasking as it relates to Systems Security Engineer functions and responsibilities.