STS Systems Support, LLC (SSS) is seeking a Signature Writer - Intermediate - Cyber Security
Requirements:
- DoDD 8570.01-M/8140.01 IAT Level III CND
- Active TS/SCI
- More than 3 years' experience implementing signatures on HIPS devices.
- 3+ years' experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures.
- BA/BS or MA/MS
- More than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.
- Proficient in PowerShell with more than one (1) year of experience.
- Extensive knowledge of Windows internals.
- Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
- More than three years of experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures.
Desired:
- More than five (5) years of experience implementing behavior-based (heuristic and anomaly-based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA's Joint Regional Security Stacks (JRSS).
- Proficient in Python and PowerShell.
- SANS GCFA or equivalent certification.
Duties:
- Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.
- Develop and document IPS/IDS SOPs. (CDRL A008)
- Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
- Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
- Create, modify, and manage Security Orchestration and Automation workflows for operational use and execution.
- Automate tasks using a common programming or scripting language.
- Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
- Develop, test, deploy, and manage signatures, rules and filters for capabilities such as IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)
- Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available. (CDRL A007)
- Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)
- Automate processes and procedures using scripts and SQL/database administration. (CDRL A007)
- Provide training and knowledge transfer to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
- Locations: Lackland AFB, TX; Offutt AFB, NE; and Maxwell AFB, AL