SIEM Content Developer
Researches and develops new threat detection use cases based on emerging threats, threat intelligence research and Threat Detection Analyst feedback. Works with stakeholders and cybersecurity tool SMEs to identify gaps in security protection and analytics capabilities. Develops custom scripts to enhance SIEM functionality. Reviews the quality of data feeds and recommends and/or implements improvements. Collaborates with stakeholders to identify critical systems and application components, to develop alerting priorities, and to create signatures tailored to individual programs and applications.

Minimum Requirements
Five (5) years of relevant IT experience
Three (3) years working with a SIEM in a content development or Incident Response role
Three (3) years of System and/or Network Administration experience
Understanding of various log formats
Understanding of the MITRE ATT&CK framework
Strong understanding of network architecture
Experience developing and maintaining scripts (preferably using PowerShell, Python or SPL)
Understanding of Defense-in-Depth
Must possess a current DOD Top Secret Clearance and be eligible for an IT-I Critical Sensitive security clearance or Tier 5 (T5) at time of proposal submission.
Must have Baseline Certification for IT-II and CNDSP/CSSP-IR when on-boarding and must have one of the "Computer Network Defense" CE Certifications within six (6) months of on-boarding.

Work to be performed On-Site (Only). Work Locations: Columbus, OH; Battle Creek, MI; Ft. Belvoir, VA