Urgently hiring
Provided by the employer
Verified Pay: $90000 - $100000 per year
Hours Full-time
Location Beltsville, Maryland

About this job

Job Description

Internetwork Consulting Services (ICS) is currently hiring for a Security Development Team Lead to join our Federal Strategic Cyber Programs.

Location: Beltsville, MD and Roslyn, VA. This is an on-site position and will support Monday – Friday from 8:00am to 5:00pm.

In this role, you will:

  • Implement SIEM detection capabilities.
  • Develop alerting for cloud-related malicious activity.
  • Coordinate detection efforts between the Security Development Team, Malware Team, and Threat Integration Team.
  • Develop and enhance threat dashboards and advanced analysis capabilities.
  • Assist in integrating the ticketing solution with detection and response events (SOAR).
  • Onboard and integrate cyber monitoring tools from the analyst’s perspective.
  • Write Microsoft Defender for Endpoint (MDE), Zeek (Bro), Suricata, and Snort signatures, and develop new content for cyber defense tools.
  • Collaborate with endpoint and cloud signature analysts in writing bespoke alerts.
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) to improve threat detection.
  • Provide Security Developer detections support in a 24x7x365 environment.

Required:

  • Bachelor’s degree and 5 years of relevant experience; or a Master's degree and 3 years of experience. An additional 4 years of experience will be considered in lieu of a degree.
  • Must possess ONE of the following certifications or the ability to obtain one before the start date:
    • CCNA-Security, CEH, CFR, CHFI, Cloud+, CySA+, GCFA, GCIA, GCIH, GICSP, SCYBER
  • Expertise in planning, implementation and usage of log aggregation and security analysis tools.
  • Knowledge of Splunk, native event logs, and ability to identify remediation steps for cybersecurity events.
  • Strong organizational skills.
  • Proven ability to operate in a time-sensitive environment.
  • Proven ability to communicate orally and in writing.
  • Proven ability to brief (technical/informational) senior leadership.
  • Ability to scope and perform impact analysis on incidents.
  • U.S. citizenship required.
  • Secret security clearance to start with the ability to obtain a Top Secret security clearance.

Preferred:

  • Familiarity with monitoring Cross Domain Solutions.
  • Familiarity with Databricks.
  • Understanding of Machine Learning and User and Entity Behavior Analytics.
  • Understanding of Cloud Development with Microsoft Azure/MDE.
  • Understanding of SQL, Python and JavaScript.
  • Understanding of Splunk ES and Splunk ES Cloud
  • Microsoft Certifications (SC-200, SC-300, SC-400, SC-900)
  • Splunk Certifications (Using ES, Administering ES, Enterprise Data Administration, Core Certified User, Power Certified User)

Posting ID: 1226613452 Posted: 2026-02-22 Job Title: Security Development Team Leader