Detection Engineer - iQuasar
Alexandria, VA
About the Job
Clearance:
- Secret clearance and ability to pass a 5-year background investigation (BI)
Responsibilities:
- Identify gaps in malicious activity detection capabilities
- Create new signatures / rules to improve detection of malicious activity
- Test and tune existing signatures / rules to ensure low rate of false positives
- Assist in playbook development for alert triage and Incident Response
- Define and implement alert and threat detection metrics, statistics, and analytics
- Recommend new tools/technologies to improve network visibility
- Support Incident Response and Forensic operations as required to include static/dynamic malware analysis and reverse engineering
- Author and maintain scripts for threat detection and automation
Experience Requirements:
- Must have one of the following J3 Certifications:
  - GCIH Certified Incident Handler
  - GCFA Certified Forensic Analyst
  - GCFE Certified Forensic Examiner
  - GREM Reverse Engineering Malware
  - GISF Information Security Fundamentals
  - GXPN Exploit Researcher and Advanced Penetration Tester
  - OSCP (Offensive Security Certified Professional)
  - OSCE (Offensive Security Certified Expert)
  - OSWP (Offensive Security Wireless Professional)
  - OSEE (Offensive Security Exploitation Expert)
  - CCFP Certified Cyber Forensics Professional
  - CISSP Certified Information Systems Security Professional
  - CHFI Computer Hacking Forensic Investigator
  - LPT Licensed Penetration Tester
  - ECSA EC-Council Certified Security Analyst
  - EnCE EnCase Certified Examiner
  - Windows Forensic Examinations FTK (WFE-FTK)
  - Computer Incident Responders Course (CIRC)
  - Windows Forensic Examination EnCase Counter Intelligence (CI) (WFE-E-CI)
  - Forensics and Intrusions in a Windows Environment (FIWE)
- Bachelor's degree in Science, Technology, Engineering, Math or a related field and 8 years of prior relevant experience with a focus on cyber security, or a Master's degree with 6 years of prior relevant experience.
- At least 5 years of experience serving as a digital media analyst or as a computer forensic analyst.
- In-depth knowledge of firewalls, proxies, intrusion detection systems, DNS, DHCP, VPN and other network technologies and tools
- Experience updating, maintaining, and creating IDS variables within a complex enterprise network
- Expert in creating, modifying and tuning IDS signatures, SIEM correlation searches, YARA rules and/or other detection signatures
- Familiarity with disk-based forensic methodologies and with Windows and Linux forensic artifacts
- Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, CrowdStrike, etc.
- Able to create, modify, update, and maintain Python and PowerShell scripts that enhance endpoint detection capabilities
- In-depth knowledge of attacker tactics, techniques, and procedures (TTPs)
- Author, test, and maintain automation scripts within a SOAR platform
Desired Requirements:
- One of the following certifications:
  - SANS Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA)
  - SANS Global Information Assurance Certification (GIAC) Certified Forensic Analyst (GCFA)
  - SANS Global Information Assurance Certification (GIAC) Network Forensic Analyst (GNFA)
  - Certified Information Systems Security Professional (CISSP)
Source: iQuasar