Sr Cyber Detection Engineer in Springfield, VA at honor foundations

Date Posted: 1/13/2025

Job Description

Zachary Piper Solutions is seeking a skilled Cyber Security Detection Engineer to support a long-term NRO program in Springfield, VA. The team is seeking individuals with a background in cyber threat detection, investigation, and reporting to support a highly classified CSOC.

Clearance: TS/SCI CI Polygraph

Location: Springfield, VA or Denver, CO

This job opens for applications on 1/13/2025. Applications will be accepted for at least 30 days from the posting date.

Responsibilities of the Cyber Detection Engineer:

  • Assist the Cyber Operations Squadron (COS) in publishing the latest cybersecurity tool signatures (e.g., anti-virus, host-based security systems).
  • Conduct in-depth analysis, including malware reverse engineering, to address intrusions, anomalies, malware, and viruses, identifying critical information about sources, intended targets, affected systems, recommended mitigation measures, and mission risk.
  • Develop custom Security Information and Event Management (SIEM) content and IDS/IPS signatures to counter threats.
  • Perform security event and incident correlation using information collected from various sources within the enterprise.
  • Analyze and assess damage to data and infrastructure caused by cyber incidents.
  • Conduct cyber incident trend analysis and reporting.
  • Analyze network traffic and system data to identify anomalous activity and potential threats to resources.
  • Detect, identify, and report possible cyber attacks/intrusions, anomalous activity, and misuse.
  • Create and deploy threat-based signatures for operational intrusion detection capabilities.
  • Develop and implement detection rules based on intelligence reporting.

Qualifications of the Cyber Detection Engineer:

  • Active TS/SCI with CI Polygraph
  • Bachelor's degree and 5+ years of related experience in cyber security and network infrastructure
  • Must hold an active IAT Level II certification, such as: Security+ CE, GIAC Security Essentials Certification (GSEC), Security Certified Network Professional (SCNP), Systems Security Certified Practitioner (SSCP), Red Hat Certified System Administrator (RHCSA), or Red Hat Certified Data Center Specialist (RHCDS)
  • CSSP-IT certification (e.g., CEH) highly preferred
  • Experience with modern Windows, UNIX, and network operating systems, databases, and virtual computing
  • Skilled in analyzing network traffic and correlating security logs from multiple sources to recommend signature development
  • Proficient in implementing countermeasures and mitigating controls
  • Capable of supporting incident response and forensic operations, including static/dynamic malware analysis and reverse engineering
  • Experienced with enterprise security tools such as Security Information and Event Management (SIEM) platforms, Threat Intelligence Platforms (TIPs), and network monitoring tools
  • Experienced in creating, modifying, and tuning IDS signatures, SIEM correlation searches, and other detection signatures
  • Proficient in Linux operating systems
  • Advanced Linux/Unix command-line skills, used proficiently within the last 6 months
  • Knowledgeable about current COTS cybersecurity technologies
  • Familiar with the MITRE ATT&CK framework

Compensation of the Cyber Detection Engineer:

  • Total compensation of $130,000 - $150,000+, based on experience level
  • Full Benefits: PTO, Paid Holidays, Sick leave as required by state laws, Medical, Dental, and Vision, 401k
  • Training & development opportunities, certification reimbursement
  • Long term program, contract mobility through Zachary Piper Solutions

Keywords: Authentication, Botnet, TS/SCI, polygraph, top secret/sci, CI polygraph, intelligence, IPS, IDS, intrusion detection, incident response, Data Breach, DDoS (Distributed Denial of Service), Encryption, Firewall, Malware, Phishing, cyber engineer, security engineer, penetration testing, pentest, red team, operations, crowdstrike, carbon black, MITRE, counter measures, SOC, Linux, UNIX, Command line, Ransomware, Social Engineering, Trojan, Vulnerability, Zero-Day Exploit, Advanced Persistent Threat (APT), Cybersecurity Framework, Intrusion Detection System (IDS), Security Information and Event Management (SIEM), Threat Intelligence, Virtual Private Network (VPN), Splunk, wireshark, tenable, ACAS, cyber, cyber security, cybersecurity, security, networking, network, network infrastructure, security operations center, IOC, indicators of compromise, shift, onsite, on-site, COTS, solarwinds, Tanium, arcsight, forescout, reporting, documentation, SOPs, MITRE ATT&CK, DoD, department of defense, clearance, security clearance, sentinel, poly, firewalls, virginia, protocols, network security