DCO Content Developer / Detection Engineer

Wiesbaden | Full-time | No remote work possible
SOSi

SOSi is seeking a highly qualified DCO Content Developer / Detection Engineer to support our customer in Wiesbaden, Germany.

  • Work as a member of the Cyber Detection Engineering Team to increase the security posture of the organization
  • Strategize and identify unique opportunities to locate and collect new data, explore and mine data, and determine and ascertain the outcome
  • Develop customized algorithms to solve analytical problems with incomplete data sets and implement automated processes for efficiently modeling and analyzing data output.
  • Design, develop, test, and implement data analytics to meet cyber network defense security requirements and support network intrusion monitoring on information systems and networks
  • Create a Splunk dashboard to serve as the center point of initial intrusion analysis and information assurance awareness
  • Manage intrusion detection engine policies and rule sets
  • Identify and investigate vulnerabilities, assess exploit potential, and create analytics in the SIEM engines to automatically detect events with high confidence
  • Prepare charts and diagrams to assist in metrics analysis and problem evaluation, and submit recommendations for data mining and analytical solutions
  • Review daily cyber threat reports, open-source reporting, recurring analytic alerts and penetration testing results to build SIEM correlation rules
  • Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations
  • Draft reports of vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture
  • Assist all sections of the Defensive Cyber Operations team as required in performing Analysis and other duties as assigned
  • May perform documentation and vetting of identified vulnerabilities for operational use
  • May prepare and present technical reports and briefings
  • Utilize your solid understanding of networking protocols, their uses, and their potential misuses
  • An active, in-scope Top Secret/SCI clearance is required
  • Bachelor in related discipline +5, AS +7, major certification +7 or 11+ years specialized experience
  • Must meet DoD 8140 DCWF 511 requirements (B.S., M03385G, M10395B, M22385, A-150-1980, A-150-1202, A-150-1203, A-150-1250, A-531-0451, A-531-4421, A-531-1900, WSS 011, DISA-US1377, GFACT, GISF, Cloud+, GCED, PenTest+, Security+, or GSEC)
  • Must have one of the following additional certifications (GDAT, GCDA, Elastic Certified Observability Engineer, ArcSight ESM Advanced Analyst, Splunk Enterprise Certified Admin, or Splunk Enterprise Certified Architect)
  • Experience in strategizing and identifying unique opportunities to locate and collect new data, explore and mine data
  • Experienced in developing customized algorithms to solve analytical problems with incomplete data sets, and implementing automated processes for efficiently modeling and analyzing data output
  • Experience in designing, developing, testing, and implementing data analytics to meet cyber network defense security requirements
  • Must have a full understanding of all aspects of Defensive Cyber Operations
  • Experience with Intrusion systems such as Snort, Suricata, and/or Zeek
  • Experience with writing SPL in Splunk to create complex searches and custom dashboards
  • Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process

Preferred Qualifications

  • Bachelor's degree in Engineering, Computer Science, or Mathematics
  • Experience with writing rules and trends in ArcSight ESM
  • Experience with writing Snort or Suricata IDS rules
  • Experience with identifying Microsoft Windows event IDs and how they relate to the MITRE ATT&CK Matrix
  • Experience with interpreting firewall and proxy logs
  • Experience with Git and VS Code
  • Programming experience in one or more languages
  • Experience with one or more scripting languages such as PowerShell, Bash, Python or Perl
  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Defense and Space Manufacturing

Contact person: SOSi HR Team
