Cyber Security Tools Specialist

Job Description

Evolver Federal is seeking a Cyber Security Tools Specialist to join our team responsible for operating and maintaining security configurations and applications in support of cyber threat intelligence and SOC operations, ensuring 24x7 availability for our federal customer. This is a fully remote role. MUST HAVE active SECRET level clearance or higher, with the potential requirement for a Top Secret with CI Polygraph.

Responsibilities Include:

• Develop and deploy new security intelligence tools, as well as support device and/or content research.
• Develop and maintain detection rules in security tools.
• Maintain, patch, operate and support the incident response tools.
• Architect, deploy, test, maintain, patch, and operate any new tools supporting intelligence and security operations.
• Provide system administration using configuration management tools to manage systems.
• Manage and tune signature sets to maximize true positives and minimize false positives.
• Document all tool tuning activities.
• Responsible for contributing to daily operational update meetings and unscheduled situational update briefings for client leaders as needed.
• Ability to analyze reports and provide technical recommendations for remediation security gaps.
• Analyze reports to understand threat campaign techniques and lateral movements and extract indicators of compromise (IOCs).
• Reference applicable departmental and operating administration policies in work products.
• Recommend sound remediation and recovery strategies and suggest defensive policy enhancements and information technology procedures.
• Provide forensic and network analysis to support risk-based decisions.
• Able to work in an Agile Environment.
• Perform threat detection and trend analysis. Understand and convey of the lifecycle of the network threats, attack vectors, and network vulnerability exploitation.
  
  

Basic Qualifications:

• Bachelor's Degree or 4 additional years of applicable experience.
• 3 years of experience in systems administration / engineering.
• 3 years experience with Cyber Security tools such as: Trellix, Cisco Stealthwatch, VMRay, Teramind, Gurucul, AWS CloudWatch, Swimlane, Tenable, Malware Information Sharing Platform (MISP), Splunk, Sumo Logic.
• 3 years of experience with scripting languages such as JavaScript, Python, Perl, Groovy, Rudy, Bash, PowerShell, etc.
• 3 years of experience writing Splunk & Sumo Logic queries to create complex dashboards.
• 3 years or experience implementing the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
• 3 years of development/Scripting experience with tools such as Python, Bash, PowerShell, Rest API, Splunk.
• 3 years of experience with information security devices, including firewalls and intrusion detection and prevention systems, and applications, including security information management tools, such as Splunk and Sumo Logic.
• 3 years of experience with signatures, tactics, techniques, and procedures (TTP) associated with cyber threats and actors.
• Must be a US Citizen.
• Must be able to obtain a federal agency-specific clearance prior to starting.
• Must possess an active SECRET level clearance or higher, with the potential requirement for a Top Secret with CI Polygraph as the project progresses.
• Must have and maintain at least two (2) active certifications, such as Network CE, Security CE, CASP, GSEC, GSLC, CISSP, CEH, CISM, or CISA
  
  

Preferred Qualifications

• 4 years of experience in systems administration / engineering.
• 4 years experience with Cyber Security tools such as Trellix, Cisco Stealthwatch, VMRay, Teramind, Gurucul, AWS CloudWatch, Swimlane, Tenable, Malware Information Sharing Platform (MISP), Splunk, Sumo Logic.
• 4 years of experience with scripting languages such as JavaScript, Python, Perl, Groovy, Rudy, Bash, PowerShell, etc.
• 4 years of experience writing Splunk and Sumo Logic queries to create complex dashboards.
• 4 years or experience implementing the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
• 4 years of development/Scripting experience with tools such as Python, Bash, PowerShell, Rest API, Splunk and Sumo Logic.
• 4 years of experience with information security devices, including firewalls and intrusion detection and prevention systems, and applications, including security information management tools, such as Splunk or Sumo Logic.
• 4 years of experience with signatures, tactics, techniques, and procedures (TTP) associated with cyber threats and actors.