Lead Content Developer / Cyber Threat Detection Developer

Company: Workday
Job Type: Full Time


This job is no longer accepting applications.

Job Description - Lead Content Developer / Cyber Threat Detection Developer

Looking for an opportunity to make an impact?

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.

If this sounds like the kind of environment where you can thrive, keep reading!

Leidos Intelligence Group uses a wide range of capabilities in Digital Modernization, Mission Software Systems, and enabling technologies like Artificial Intelligence and Machine Learning to support our customers’ mission to defend against evolving threats around the world. Our team’s focus is ensuring our intelligence customers have the right tools, technologies, and tactics to keep pace with an ever-evolving security landscape and succeed in their pursuit to protect people and critical assets.

Your greatest work is ahead!

Leidos is hiring a Lead Content Developer / Cyber Threat Detection Developer to work onsite in Northern Virginia supporting our TSA customer in their Security Operations Center. You will utilize the Splunk Enterprise Services SIEM to proactively research and then apply custom detection capabilities built from disparate data sources such as cyber threat intelligence, vulnerability data, campaigns, and indicators of compromise. These threat detection data types will be used to develop custom security, engineering, and/or other applicable dashboards; to validate existing and/or create new correlation rules and alerts; and to validate the index sources of the SIEM to ensure thorough defense in depth for the enterprise. This position is contingent upon contract award.

What you’ll be doing:
Participate in briefings to provide expert guidance on new threats, and act as an escalation point for cyber analysts and engineering leads.
Author reports and/or interface with customers for ad-hoc requests.
Participate in discussions to make recommendations on improving SOC cyber visibility, process improvements, and reducing the incident remediation period.
Investigate and analyze all logs available within the SIEM, document workflows, and identify process improvements in the handling and remediation of cyber security events.
Leverage deep understanding of how to develop custom content within the Splunk SIEM using advanced SPL language and data models or other network security tools to detect threats and attacks.
Capture use cases from subscribers or other team members to develop custom correlation rule(s), validate and/or create new dashboard(s), and validate all index sources for applicability within the Splunk environment.
Utilize knowledge of the latest cyber threats and attack vectors to develop and/or maintain custom Splunk correlation rules from all indexed sources to support continuous event monitoring and alerting.
Develop, manage, and maintain Splunk data models.
Review all existing network event sources to determine if relevant data is present and make technical recommendations to remediate any missing log components.
Review and or suggest new log and event index types as new devices are brought into the enterprise network.
Develop custom regex to create custom knowledge objects.
Develop custom SPL using macros, lookups, etc., and network security signatures such as Snort, YARA, and Zeek.
Develop custom dashboards and reports for customer stakeholders.
Train and mentor junior staff.
Normal working hours of 8:00am – 5:00pm, however actual hours may vary depending on mission requirements.

What does Leidos need from me?
Minimum of an active Secret security clearance required.
Bachelor’s in Information Technology, Computer Science, Cybersecurity or related field and 12 to 15 years of prior relevant experience.
Five years of experience in developing, implementing, and managing Splunk correlation rules and content.
One of the following certifications is required: CISSP, GCIH, GCFA, GPEN, GWAPT, GCIA, or equivalent.
Splunk Core Certified Advanced Power User certification.
Must possess strong written and verbal communication skills and be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise.
Extensive experience working with various security methodologies and processes.
Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices.
Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk environment.
Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
Experience maintaining an event schema with customized security severity criteria.
Experience creating scheduled and ad-hoc reporting with SIEM tools.
Thorough and in-depth understanding of SIEM technologies and event collector deployments in Windows and Linux operating environments.
Experience developing advanced correlation rules utilizing stats and data models for cyber threat detection.
Experience creating and maintaining Splunk knowledge objects.
Experience managing and maintaining Splunk data models.
Experience creating regex for pattern matching.
Experience implementing security methodologies and SOC processes.

Favorable if you have:
Splunk Enterprise Security Admin, Splunk Certified Developer certification.
Experience with cloud (e.g. O365, Azure, AWS, etc.) security monitoring and familiarity with the cloud threat landscape.
Experience analyzing Packet Capture formatted data (PCAP).
Experience developing custom scripts using Python.

Pay Range: $118,300.00 - $213,850.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Original job Lead Content Developer / Cyber Threat Detection Developer posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.

Location: Herndon, Virginia

Copyright © 2024 Grabjobs Pte.Ltd. All Rights Reserved.