Peraton

Content Developer / Detection Engineer with a DoD Top Secret

Job description:

Requirements

  • Minimum of 5 years experience in Systems Engineering with a Bachelor’s degree in a STEM field or Business Administration; an additional 4 years of experience in lieu of degree may be considered.
  • Must be able to qualify for Technical Expert Status Accreditation (TESA) by having a bachelor's degree in a STEM or Business field plus 3 years of specialized experience OR an associate’s degree plus 7 years of specialized experience OR a major certification plus 7 years of specialized experience.
  • Active DoD Approved 8140 Certification in:
    • DCWF 521 Intermediate (B.S. in IT or one of the following: GMON, GRID, CEH, Cloud+, CySA+, GSEC, Security+, PenTest+, SSCP).
    • 8140 Residential Certification (One of MCSE 2012 or 2016, Microsoft 365 Enterprise Admin Expert, Microsoft 365 Security Administrator Associate, Azure Solutions Architect Expert, or Microsoft Windows Server Hybrid Administrator).
  • U.S. citizenship required.
  • An Active DoD Top Secret security clearance with SCI eligibility.
  • Experience in developing dashboards, and creating and maintaining Elasticsearch rules.
  • Experience with intrusion detection systems such as Snort, Suricata, and TippingPoint.

Preferred

  • Experience with one or more scripting languages such as PowerShell, Bash, Python.
  • Experience working with GitLab.
  • Familiarity with ATT&CK Navigator and the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) matrices.

Peraton is seeking a motivated Content Developer / Detection Engineer to join our team in support of the U.S. Army Regional Cyber Center - Europe (RCC-E) services contract. Location: Wiesbaden, Germany.

In this role, you will:

  • Create analytics with a SIEM to identify patterns, anomalies, and compromising indicators to alert Cyber Incident responders.
  • Create dashboards in the SIEM platform to tip analysts to malicious activities directed against the DoD information systems.
  • Create dashboards and reports in the SIEM platform to assist network defenders in identifying issues and concerns.
  • Perform daily review of analytic performance on the SIEM identifying correlation engine slowdowns.
  • Evaluate intrusion detection sensor configurations for proper alert capability.
  • Evaluate intrusion detection signatures for appropriateness to DoD networks and implement rules as required.
  • Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations.
  • Assist in the integration of additional security platforms to correlate new data with HIDS and NIDS alerts.
  • Prepare and present technical reports and briefings.
  • Write reports on capabilities of the defensive cyber operations to increase customer situational awareness and improve the customer’s cyber security posture.
  • Write and update SOP and TTPs as required by the local customer.

Job information

  • Publication date: 20 Feb 2026
  • Location: Wiesbaden
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment relationship: Employee