Cyber Data Engineer

STS Systems Support, LLC (SSS) is seeking a Cyber Data Engineer

Requirements:

• DoDD 8570.01‐M/8140.01 I AT Level III CND
• Active TS/SCI
• More than 3 years of relevant work experience. BA/BS or MA/MS

• Proficient w/ Splunk Processing Language (SPL), ELK Lucene Query Syntax or other search/analytics tool.
• Proficient with programming/scripting fundamentals – including regex, C++, Python, RHEL, Unix Scripting, and Windows PowerShell is required.
• Linux+/Red Hat; RHEL 7.
• More than three (3) years of relevant work experience, including experience in responding to security problems in target‐rich environments, looking at security alerts, frontline analysis, and response.
• Understanding of SIEM "Search" Language & Lucene Query Syntax. Understanding of SIEM Dashboard, Reports, Lookup Tables, and Summary Indexes.
• Knowledge of knowing how to customize Dashboards via the XML source.
• Experience with SIEM Apps and ELK.
• Experience with Python Scripting. Programming experience in Python, C/C++, Java, or Go.
• Demonstrated expertise with malware analysis, including investigations of botnet and root‐kit behavior.
• Familiarity with information security concepts (OWASP Top 10, CVEs, IoCs, TTPs, Cryptography). Network Security Devices (IDS/IPS, NGFW, WAF, NGAV). OSSEC, Snort, Suricata Experience.
• Experience with at least one SIEM i.e Alienvault, Logrhythm, Splunk, Qradar , ELK and Firewalls such as Fortinet, Sonicwall, and Palo Alto.
• Scanning technologies, Log collection and analysis tools (SIEM).
• Experience with Scripting/Programming Languages (BASH, Python, Java, etc).
• Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).

Duties:

• Write and develop scripts to automate the system installation of required patches and configurations to remediated identified system vulnerabilities.
• Perform coding and development as required to augment default SIEM functionality and facilitate the intercommunications of various security controls. (CDRL A007)
• Develops basic new cybersecurity capabilities. (CDRL A007)
• Develop new and maintain existing Splunk, ELK or other search/analytics tool’s knowledge objects (Saved searches, reports, dashboards, data models, event types, field aliases, field extractions, macros, lookups, tags) to alert on potentially malicious activity or fulfill compliance/policy requirements. (CDRL A007)
• Ensure critical data feeds and hosts are sending data.
• Develop, debug and maintain scripting languages.
• Create, install and test vulnerability fixes to Windows and Unix/Linux platforms.
• Assist/lead in conducting cybersecurity audits to ensure appropriate implementation and compliance of the security posture.
• Perform systems security engineering and test efforts associated with implementing security controls on networking devices, databases, operating systems, hardware, and software components.
• Develop vulnerability reports and investigation impact, resolution and verification of security vulnerabilities and patches; as well as, performing deep‐dive and impact analysis into failed patch deployments. (CDRL A008)
• Develop and provide regular reports on patch management program and overall status of patch compliance. (CDRL A008)
• Perform and provide vulnerability assessment results and recommendations to the ESM Lead, and DO as necessary.
• Assess known systems vulnerabilities and verify system hardening and patching activities to ensure compliance with the most current applicable Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs) and related checklists with no more than a 5% error rate.
• Document, implement and prioritize patching requirements across the AFIN/AFNet enterprise. (CDRL A008)
• Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
• Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
• Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
• Support operational leaderships tasking as it relates to Systems Security Engineer functions and responsibilities