Cybersecurity Threat Detection Specialist

Location: Washington, United States | Company: Capgemini Government Solutions | Full time
About the Role

Capgemini Government Solutions is seeking a highly skilled Cybersecurity Threat Detection Specialist to join our team in supporting our government clients. This role requires a Content Developer to support onsite Insider Threat services, providing immediate investigation and resolution. Any qualified Cyber Threat Detection Specialist must hold an active Top Secret clearance with SCI eligibility.

Key Responsibilities
  • Develop and Implement SIEM Solutions: Develop, implement, maintain, and support SIEM dashboards, reports, alerts, and knowledge objects.
  • Create Custom Correlation Rules: Create baselines, queries, dashboards, and visualizations that support customer requirements and are shared with the SecOps and operational teams to identify trends.
  • Manage and Administer Security Solutions: Manage and administer the tuning of rules, triggers, policies, signatures, and custom content for specialized CND applications and systems.
  • Apply Advanced Threat Detection Techniques: Apply knowledge of regular expressions to create field extractions, and apply working knowledge of PowerShell or other scripting language(s).
  • Develop and Maintain Custom Correlation Rules: Utilize knowledge of the latest cyber threats and attack vectors to develop and/or maintain custom correlation rules across all indexed sources to support continuous event monitoring and alerting.
  • Participate in Security Discussions: Participate in discussions to make recommendations on improving SOC cyber visibility, process improvements, and reducing the incident remediation period.
  • Review and Enhance Security Solutions: Review all existing network event collections to determine if relevant data is present and make technical recommendations to develop or enhance alerting actions.
  • Deliver Forward-Thinking Solutions: Enhance customer's ability to accomplish mission initiatives by delivering forward-thinking solutions that are not defined by requirements.
  • Author Reports and Interface with Customers: Author reports and/or interface with customers for ad-hoc requests.
  • Provide Expert Guidance and Mentorship: Provide expert guidance and mentorship to junior analysts.
Required Qualifications
  • US Citizenship and Top-Secret Clearance: US Citizen. Must have an active Top-Secret clearance (SCI eligible).
  • Education and Experience: Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
  • SIEM Experience: Five years of experience in developing, implementing, and managing SIEM correlation rules and content (such as Splunk, ArcSight, Kibana, LogRhythm).
  • Technical Skills: Experience with writing audit log parsers for SIEM data structures such as ArcSight's CEF or Splunk's SPL.
  • Advanced Knowledge of Security Protocols: Advanced knowledge of TCP/IP protocols; experience configuring and implementing various technical security solutions; extensive experience providing analysis and trending of security log data from security devices.
  • SIEM Tuning and Logic: Must have demonstrated the ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors.
  • Correlation Rules and Data Models: Experience developing advanced correlation rules utilizing stats and data models for cyber threat detection.
  • Network Monitoring Tools: Experience with Network Monitoring Tools such as proxy, load balancing, IDS/IPS, and packet capturing tools.
  • Scripting and Automation: Experience in a scripting language (e.g. Bash, PowerShell) and in automating SOC processes and workflows.
  • Security Methodologies and SOC Processes: Experience implementing security methodologies and SOC processes.
  • Problem-Solving and Critical Thinking: Ability to work effectively both independently and as a team member, with excellent problem-solving, critical thinking, and analytical skills and the ability to deconstruct problems.
  • Work Experience: Work experience with Security Operations Center (SOC) or Industry Red Team.
  • Communication Skills: Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise.
Preferred Qualifications
  • Active SCI Clearance: An active SCI clearance is highly preferred.
  • Splunk Certification: Splunk Enterprise Security Admin, Splunk Certified Developer certification.
  • UAM, UEBA, and DLP Tools: Extensive experience with User Activity Monitoring (UAM), User and Entity Behavior Analytics (UEBA), and DLP tools.
  • Insider Threat Trigger Policies: Expertise in developing Insider Threat trigger policies.
  • Event Analysis and Remediation: Investigate and analyze events of interest within the SIEM, document workflows, and identify process improvements in the handling and remediation of cybersecurity events.
  • Visibility Gaps and Cyber Defense Systems: Identify and remediate visibility gaps in cyber defense systems.
  • COTS Applications and Linux/Windows Administration: Experience installing and administering COTS applications on RHEL Linux and/or Windows.
  • Enterprise Cybersecurity Toolsets: Hands-on experience with at least one of the following enterprise cybersecurity toolsets: HBSS/ESS, Trellix, or ePolicy Orchestrator.
  • Vulnerability Tracking and Scanning Systems: Hands-on experience running Tenable or other vulnerability tracking/scanning systems.
  • Certifications: Other highly desired certifications: CEH, CySA+, GICSP, SSCP, CND.
About Capgemini Government Solutions

Capgemini Government Solutions is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.
