Quadtec Solutions, Inc
Cybersecurity Detection Engineer SME Remote
Quadtec Solutions, Inc, Washington, District of Columbia, us, 20022
Job Description
The detection engineer blends technical skills, threat research experience, and knowledge of adversary techniques to work with new and existing data sources to create high-fidelity, actionable alerts the SOC can use to quickly and effectively identify, analyze, and eradicate cybersecurity threats. This individual will be familiar with adversary Tactics, Techniques, and Procedures (TTPs), and will identify opportunities to improve the effectiveness of existing detection efforts. They will be responsible for developing methodologies to maintain and maximize the integrity and effectiveness of existing alerting through the creation, periodic review, testing, and validation of custom detection content. Additionally, they will leverage cybersecurity threat intelligence and collaborate with the SOC’s incident response teams to meet operational needs and defend against real-world threats.
Minimum Qualifications
A minimum of three years of experience working in detection engineering, threat hunting, security operations, or incident response using Splunk Enterprise Security or Microsoft Sentinel.
Experience with the processes to add, update, and delete detection rules in Splunk Enterprise Security and Microsoft Sentinel.
Proficient in detection engineering methodologies, including SNORT and YARA rules.
Proficient in Python programming, Bash, and PowerShell.
Proficient in Splunk’s Search Processing Language, React, Kusto Query Language, and the Common Information Model (CIM).
Knowledgeable and experienced in leveraging cybersecurity threat intelligence, indicators of compromise, STIX/TAXII data feeds, MITRE ATT&CK, and SIEM integrations.
Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
Confirm what is known about an intrusion and discover new information, if possible, after identifying the intrusion via dynamic analysis.
Provide a technical summary of findings in accordance with established reporting procedures.
Examine recovered data for information of relevance to the issue at hand.
Perform file signature analysis.
Perform file system forensic analysis.
Collect and analyze intrusion artifacts and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Bachelor’s Degree with at least eight (8) years’ experience in threat analysis.
Knowledge of the investigative implications of hardware, operating systems, and network technologies.
Knowledge of data carving tools and techniques.
Knowledge of anti-forensics tactics, techniques, and procedures.
Knowledge of the concepts and practices of processing digital forensic data.
Skill in preserving evidence integrity according to standard operating procedures or national standards.
Skill in using forensic tool suites.
Skill in conducting forensic analyses in multiple operating system environments.
Skill in analyzing anomalous code as malicious or benign.
Skill in analyzing volatile data.
Skill in processing digital evidence, including protecting and making legally sound copies of evidence.
Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments.
Experience briefing senior customer personnel.
Ability to organize and prioritize numerous customer requests in a fast-paced, deadline-driven environment.
Strong experience in networking principles, operating systems (Linux / Windows), and security tools such as IDS/IPS, firewalls, proxy servers, and Endpoint Detection and Response (EDR).
Knowledge of the Windows Sysinternals Suite (including Sysmon) and Unix auditd, and how to tune their configuration files to identify malicious activity.
At least one of the following certifications: Splunk Enterprise Security Certified Admin credential, or a passing result on the AZ-500 Microsoft Azure Security Technologies exam.
Company Description
IT Professional Services Firm focused on Information Communications Technologies - www.quadtec.com
#J-18808-Ljbffr