RemoteOtter

Content Detection Engineer III - Remote

Posted 9 weeks ago

Overview

Agile Defense is seeking a highly experienced SIEM Content Developer to join our team that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff to one of our DHS.

In Short

  • Proactively search for threats and inspect traffic for anomalies.
  • Investigate and analyze logs, providing analysis and response to alerts.
  • Develop custom content within the SIEM using advanced Splunk Search Processing Language (SPL).
  • Participate in briefings to provide expert guidance on new threats.
  • Author reports and interface with customers for ad-hoc requests.
  • Collaborate with team members to analyze alerts or threats.
  • Stay up to date with the latest threats and remain familiar with APT groups and common TTPs.
  • Provide expert guidance and mentorship to junior analysts.
  • Participate in discussions to improve SOC visibility or processes.
  • Contribute to SOP development and updating.

Requirements

  • Relevant BS degree plus 8+ years of experience in incident detection & response.
  • Experience with content development in Splunk and setting up correlation rules.
  • Experience with CrowdStrike for triaging and investigating hosts.
  • Experience with McAfee AV signatures and custom Tanium packages.
  • Ability to analyze network traffic using enterprise tools.
  • Critical thinking and analysis skills for investigating cyber security alerts.
  • Familiarity with the Cyber Kill Chain and attack life cycle.
  • Experience with dynamic malware analysis.
  • Ability to review and provide feedback to junior analysts.
  • Strong collaboration skills with team members.

Benefits

  • Opportunity to work on critical national security missions.
  • Engagement with advanced technologies and elite minds.
  • Supportive work environment with a focus on innovation.
  • Flexible working hours with on-call rotational schedule.
  • Professional development and mentorship opportunities.
