Logo
Bristol Bay Shared Services

Signature Writer - Intermediate - Cyber Security

Bristol Bay Shared Services, San Antonio, TX

STS Systems Support, LLC (SSS) is seeking a Signature Writer - Intermediate - Cyber Security

Requirements:
  • DoDD 8570.01-M/8140.01 I AT Level III CND
  • Active TS/SCI
  • More than 3 years' experience implementing signatures on HIPS devices.
  • 3+ years' experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures. BA/BS or MA/MS
  • More than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.
  • Proficient in PowerShell with more than one (1) year of experience.
  • Extensive knowledge of Windows internals.
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
  • More than three years of experience using Regular Expressions, YARA, and Snortequivalent to create custom IPS/IDS signatures

Desired:
  • More than five (5) years of experience implementing behavior-based (heuristic and anomaly-based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA's Joint Regional Security Stacks (JRSS).
  • Proficient in Python and PowerShell. SANS GCFA or equivalent certification.

Duties:
  • Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.
  • Develop and document IPS/IDS SOPs. (CDRL A008)
  • Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
  • Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
  • Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.
  • Automate tasks using a common programming or scripting language.
  • Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
  • Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)
  • Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available. (CDRL A007)
  • Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)
  • Automate processes and procedures using scripts and SQL/database administration (CDRL A007)
  • Provide training and knowledge transfer to government personnel as requested.
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
  • Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
  • Locations: Lackland AFB, TX, Offut AFB, NE, and Maxwell AFB, AL