What are the responsibilities and job description for the Cyber Security Engineer position at By Light Professional IT Services?
By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.
- Provide FCI mission support to our customers located at Ft. Meade.
- Serve as operational and technical SME for new FCI cyber capability; ensure FCI capabilities meet all customer mission needs.
- Effectively integrate new FCI cyber capabilities into existing defensive cyber operations tactics, techniques, and procedures (TTPs); assist in developing new TTPs as required. Create, publish and articulate By Light Cyber Advisories to customer base.
- Advise customers on how to effectively use new FCI cyber capabilities to achieve mission outcomes. Provide technical recommendations and solutions impacting a cyber attack surface and how a customer base should address identified vulnerabilities.
- Ensure customer-requested FCI countermeasures are developed, tested, and implemented at mission speed; develop and recommend new FCI countermeasures.
- Work closely with customer cyber fusion or cross-functional teams to determine how FCI cyber capability addresses prioritization or emerging cyber threats; provide insights based on threats identified by the capability and OSINT collaboration.
- Serve as point of contact for cyber operations, reporting, and operational issues.
- Support timely resolution of system performance issues in NETOPS and SECOPS functional areas.
- Work directly with commercial vendor SOC to resolve operational impacts and generate cyber countermeasures to support customer mission to include OSINT.
- Support the customer cyber operations planning, order and implementation development processes.
- Must be a U.S. Citizen and have an active Top Secret/SCI (TS/SCI) security clearance.
- Understands networking concepts, common ports and protocols, network routing, defense-in-depth, and common security tools.
- Understands cyber operations and cyber operation planning processes.
- Understands malicious cyber actor TTPs to include initial access and command-and-control.
- Understands how to use cyber security tools and data to conduct defensive cyber operations.
- Understands cyber threats and cyber threat frameworks such as Cyber Kill Chain and MITRE ATT&CK framework.
- Understands Cyber Threat Intelligence (CTI) and how to integrate CTI into defensive cyber operations.
- Hands-on SIEM experience, preferably with Splunk, to include configuration, query development, log review/analysis, and correlation of event data.
- 5 years of experience in a cyber operations role, preferably supporting DGFC or JFHQ.
- Experience with regex and signature development.
- Experience with coding/scripting.
- Cybersecurity certifications such as CISSP and/or GIAC certifications.
- Splunk certifications.
- Minimum Active Secret Clearance.
- Active TS and TS/SCI clearances are preferred.