Cyber Data Engineer

STS Systems Support, LLC. TX, United States
Job description

STS Systems Support, LLC (SSS) is seeking a Cyber Data Engineer to support our ongoing mission at Lackland Air Force Base.

Responsibilities:

  • Write and develop scripts to automate the installation of required patches and configurations in order to remediate identified system vulnerabilities.
  • Perform coding and development as required to augment default SIEM functionality and facilitate the intercommunications of various security controls. (CDRL A007)
  • Develop basic new cybersecurity capabilities. (CDRL A007)
  • Develop new and maintain existing Splunk, ELK or other search / analytics tool’s knowledge objects (Saved searches, reports, dashboards, data models, event types, field aliases, field extractions, macros, lookups, tags) to alert on potentially malicious activity or fulfill compliance / policy requirements. (CDRL A007)
  • Ensure critical data feeds and hosts are sending data.
  • Develop, debug and maintain scripts written in supported scripting languages.
  • Create, install and test vulnerability fixes to Windows and Unix / Linux platforms.
  • Assist / lead in conducting cybersecurity audits to ensure appropriate implementation and compliance of the security posture.
  • Perform systems security engineering and test efforts associated with implementing security controls on networking devices, databases, operating systems, hardware, and software components.
  • Develop vulnerability reports and investigate the impact, resolution and verification of security vulnerabilities and patches, as well as performing deep-dive and impact analysis into failed patch deployments. (CDRL A008)
  • Develop and provide regular reports on patch management program and overall status of patch compliance. (CDRL A008)
  • Perform and provide vulnerability assessment results and recommendations to the ESM Lead, and DO as necessary.
  • Assess known systems vulnerabilities and verify system hardening and patching activities to ensure compliance with the most current applicable Security Technical Implementation Guides (STIGs) / Security Requirements Guides (SRGs) and related checklists with no more than a 5% error rate.
  • Document, implement and prioritize patching requirements across the AFIN / AFNet enterprise. (CDRL A008)
  • Provide OJT to other contractor employees, military, and / or civilian personnel, and ensure continuity folders / working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Maintain currency on latest industry trends and provide operational reports / assessments for development of tactics, techniques, and procedures. (CDRL A002)
  • Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009)
  • Support operational leadership's tasking as it relates to Systems Security Engineer functions and responsibilities.

Requirements:

  • Must be a U.S. Citizen with an Active TS / SCI
  • More than 3 years of relevant work experience. BA / BS or MA / MS degree.
  • Proficient with Splunk Processing Language (SPL), ELK Lucene Query Syntax or another search / analytics tool.
  • Proficiency with programming / scripting fundamentals, including regex, C++, Python, RHEL, Unix scripting, and Windows PowerShell, is required.
  • Linux+ / Red Hat; RHEL 7.
  • More than three (3) years of relevant work experience, including experience in responding to security problems in target-rich environments, looking at security alerts, frontline analysis, and response.
  • Understanding of SIEM "Search" Language & Lucene Query Syntax. Understanding of SIEM Dashboard, Reports, Lookup Tables, and Summary Indexes.
  • Knowledge of how to customize dashboards via the XML source.
  • Experience with SIEM Apps and ELK.
  • Experience with Python Scripting. Programming experience in Python, C / C++, Java, or Go.
  • Demonstrated expertise with malware analysis, including investigations of botnet and rootkit behavior.
  • Familiarity with information security concepts (OWASP Top 10, CVEs, IoCs, TTPs, Cryptography). Network Security Devices (IDS / IPS, NGFW, WAF, NGAV). OSSEC, Snort, Suricata Experience.
  • Experience with at least one SIEM (e.g. AlienVault, LogRhythm, Splunk, QRadar, ELK) and with firewalls such as Fortinet, SonicWall, and Palo Alto.
  • Scanning technologies, Log collection and analysis tools (SIEM).
  • Experience with scripting / programming languages (Bash, Python, Java, etc.).
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).

SSS offers a competitive benefits package including: paid holidays, paid time off including sick and vacation leave, medical, dental and vision insurance, flexible spending accounts, short and long term disability, company paid life insurance, 401(k) with a company match and discretionary profit sharing, and tuition reimbursement.