Cyber Security Detections Engineer, Senior (TS/SCI CI ...
GuidePoint Security, LLC - Springfield, VA
Job Description

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach to evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

An active Top Secret / SCI with CI Poly security clearance is required for consideration for hire for this role. Work is to be performed 100% onsite with our Government Customer in Springfield, VA.

Responsibilities include, but are not limited to:
* Formulate and publish custom Security Information and Event Management (SIEM) tool content and IDS/IPS signatures to address threats
* Perform security event and incident correlation using information gathered from a variety of sources within the enterprise
* Analyze and assess damage to the data / infrastructure as a result of cyber incidents
* Perform cyber incident trend analysis and reporting
* Characterize and analyze network traffic and system data to identify anomalous activity and potential threats to resources
* Provide detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities
* Create, deploy, and implement threat-based signatures and detection rules for operational intrusion detection capabilities

Basic Qualifications:
* Bachelor's Degree or 4+ years of additional experience in lieu of degree
* 5+ years of experience in a cyber role
* Experience with enterprise security tools, including Security Information and Event Management (SIEM), Threat Intelligence Platforms (TIPs), or network monitoring tools
* Experience creating, modifying, and tuning IDS signatures, SIEM correlation searches and other detection signatures
* Knowledge of implementation of countermeasures or mitigating controls
* Experience with modern Windows, UNIX, network operating systems, databases, and virtual computing
* DoD 8570 certification meeting IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) required
* CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certification required

Demonstrated Technical Experience:
* Experience performing analysis of network traffic and correlating diverse security logs to make recommendations for signature development
* Knowledge of implementation of countermeasures or mitigating controls
* Ability to support incident response and forensic operations as required, including static/dynamic malware analysis and reverse engineering
* Experience with enterprise security tools, including Security Information and Event Management (SIEM), Threat Intelligence Platforms (TIPs), or network monitoring tools
* Experience creating, modifying, and tuning IDS signatures, SIEM correlation searches and other detection signatures

Preferred Qualifications:
* Proficient in Linux operating systems
* Advanced skills in Linux/Unix (command-line user, proficient and used in the last 6 months)
* Working knowledge of current COTS cybersecurity technologies

Security Clearance Requirements:
* TS/SCI w/ CI Poly

Physical Requirements:
* Must be able to remain in a stationary position 50% of the time
* Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer
* The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations

GuidePoint Security is an equal opportunity employer and welcomes applications from diverse candidates. We are committed to providing a workplace that is free from discrimination and harassment.
Created: 2025-10-06