This position is located in Beltsville, MD and Rosslyn, VA. This is an on-site position and will support Monday Friday from 8:00am to 5:00pm. No hybrid/telework allowed.

Responsibilities:

• Implement SIEM detection capabilities.
• Develop alerting for cloud-related malicious activity.
• Coordinate detection efforts between the Security Development Team, Malware Team, and Threat Integration Team.
• Develop and enhance threat dashboards and advanced analysis capabilities.
• Assist in integrating ticketing solution with detection and response events (SOAR).
• Onboard and integrate cyber monitoring tools from the analyst's perspective.
• Write Microsoft Defender for Endpoint (MDE), Zeek (Bro) Suricata and Snort signatures, develop new content for cyber defense tools.
• Collaborate with endpoint and cloud signature analyst in writing Bespoke alerts.
• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) to improve threat detection.
• Provide Security Developer detections support in a 24x7x365 environment.

Qualifications:

Required Qualifications:

• Bachelor's degree and 5 years of relevant experience; or a Master's degree and 3 years of experience. An additional 4 years of experience will be considered in lieu of degree.
• Must possess ONE of the following certifications:
• CEH, CFR, CHFI, Cloud+, CySA+, GCFA, GCIA, GCIH, GICSP, SCYBER, CCNA Security
• Expertise in planning, implementation and usage of log aggregation and security analysis tools.
• Knowledge of Splunk, native event logs, and ability to identify remediation steps for cybersecurity events.
• Strong organizational skills.
• Proven ability to operate in a time sensitive environment. 
• Proven ability to communicate orally and written.
• Proven ability to brief (technical/informational) senior leadership.
• Ability to scope and perform impact analysis on incidents.
• U.S. citizenship required.
• Must have a Secret security clearance to start.
• Ability to obtain a Top Secret security clearance required.

Preferred Qualifications:

• Familiarity with monitoring Cross Domain Solutions.
• Familiarity with Databricks.
• Understanding of Machine Learning and User and Entity Behavior Analytics.
• Understanding of Cloud Development with Microsoft Azure/MDE.
• Understanding of SQL, Python and JavaScript.
• Understanding of Splunk ES and Splunk ES Cloud.
• Microsoft Certifications (SC-200, SC-300, SC-400, SC-900).
• Splunk Certifications (Using ES, Administering ES, Enterprise Data Administration, Core Certified User, Power Certified Use).

EEO Statement