- Cyber Defense
- Washington, District of Columbia, United States
XOR Security is currently seeking a talented Senior Analyst and Content Developer to support a Cyber Security Operation Center.
We are seeking the right candidates who can develop custom detection content (correlation rules) to identify threat activity. This includes developing notable events, analyzing events for false positives, modifying existing query logic, and assessing analytic frameworks such as the MITRE ATT&CK framework. The candidate will tune existing SIEM and sensor technology to improve detection. Typical duties include:
- Work with different cyber teams (24X7 SOC Analysts, Cyber Intel, Insider Threat and Cyber Hunt) to develop detection content requirements.
- Alert use case development and tuning.
- Configure notable event actions, action menus, and Adaptive Responses.
- Public Trust Clearance
- Minimum 3 years of experience working as a senior analyst whose regular duties include building and implementing event correlation rules, logic, and content in a security information and event management system, with specific experience in the Splunk platform
- Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
- The candidate must be comfortable editing and maintaining Splunk configuration files and apps managed in version control systems.
- Must have demonstrated ability to tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors
- Must have experience maintaining an event schema with customized security severity criteria
- Must possess a thorough and in-depth understanding of SIEM technologies and event collection mechanisms in Windows and Linux operating environments, network devices, and security devices
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Senior analyst certification such as GCIA, GCIH, GNFA, GREM, GXPN or similar.
- Demonstrated experience with Extraction, Transformation, and Loading of data including skills in SPL and Regex
- Experience with, and comfort in, recognizing and onboarding new data types, managing distributed data source inputs into Splunk, analyzing the data for anomalies and trends, and building dashboards, reports, and alerts both independently and from customer requirements.
- Comfortable operating via the Linux command line interface
- Experience maintaining an event schema with customized security severity criteria
- Experience with a cloud-based Splunk deployment
- Experience with planning, data collection, and sizing for a distributed deployment, and ability to manage and troubleshoot distributed deployments with multiple, multi-site indexer clusters and search head clusters.
- Experience supporting a Security Operation Center’s Splunk deployment
- Experience as a Security Engineer and/or Security Analyst for a Security Operation Center
- Knowledge of various event sources such as Azure, Office 365, Blue Coat, FireEye, Windows servers, Linux servers, Check Point firewalls, etc.
- Ability to script in one or more of the following languages: Python, Bash, Visual Basic, or PowerShell
- Secret Clearance or above
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship/Clearance Requirement: Applicants selected must meet background investigation eligibility requirements. US CITIZENSHIP and PUBLIC TRUST clearance required.