Signature Writer Security Clearance

Position: Signature Writer with Security Clearance
Seeking a cyber Signature Writer with a TS/SCI in support of a critical mission for the U.S. Air Force.

Summary:

Develop, Test, Deploy, and Manage the development of commercial, and custom Host based and Network based IDS/IPS SIEM, SOAR signatures, rules, workflows, and dashboards. Contractor employees shall leverage the Pyramid of Pain in the development of ALL signatures, with the intent to develop custom signatures related to the Tough and Challenging levels within the Pyramid. Responsibilities:
- Develop and document IPS/IDS SOPs.
- Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
- Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
- Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.
- Automate tasks using a common programming or scripting language.
- Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, Power Shell.
- Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems.

- Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available.
- Provide support to external units and work centers as approved by AFCERT leadership.
- Automate processes and procedures using scripts and SQL/database administration.
- Provide training and knowledge transfer to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures.
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. Requirements:
- IAT II/III Certified
- Active TS/SCI
- More than 3 years’ experience implementing signatures on HIPS devices.
3+ years’ experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures. BA/BS or MA/MS
- More than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.
- Proficient in Power Shell with more than one (1) year of experience.
- Extensive knowledge of Windows internals.
- Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
- More than three years of experience using tools such as Regular Expressions, YARA, and Snort to create custom IPS/IDS signatures Desired

Qualifications:

- More than five (5) years of experience implementing behavior‐based (heuristic and anomaly‐based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA’s Joint Regional Security Stacks (JRSS).
- Proficient in Python and Power Shell.

- SANS GCFA or equivalent certification. Company Benefits:
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:

• Medical, dental & vision

• Critical Illness, Accident, and Hospital

• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available

• Life Insurance (Voluntary Life & AD&D for the employee and dependents)

• Short and long-term disability

• Health Spending Account (HSA)

• Transportation benefits

• Employee Assistance Program

• Time Off/Leave (PTO, Vacation or Sick Leave) If interested and would like additional information, please apply or email your resume to . Thank you!