Content Developer Security Clearance

Position: Content Developer with Security Clearance
Summary Overview:
We are seeking an experienced Cyber Content Developer to support Defensive Cyber Operations (DCO) for U.S. Air Force cyber defense units. In this role, you will design, build, and maintain the SIEM detection content—the rules, alerts, dashboards, and automation—that enables analysts to quickly identify real cyber threats across the enterprise.
The ideal candidate is a knowledgeable SIEM engineer with a strong background in cybersecurity operations, log analysis, threat behavior detection, and SIEM tuning. You will work closely with cyber operators and leadership to develop high‑quality detection logic, reduce false positives, enhance situational awareness, and ensure SIEM content is optimized to support mission needs.
This is a highly impactful, mission‑critical role supporting national defense operations.

Key Responsibilities:

- Develop and maintain SIEM detections, correlation rules, filters, dashboards, and reporting.
- Analyze cyber events, logs, and network data to identify malicious activity and build new detections.
- Tune SIEM rules to reduce noise and improve accuracy for cyber analysts.
- Create “virtual tripwires” and behavior‑based detections using frameworks such as MITRE ATT&CK.
- Ingest, optimize, and enrich log data to improve SIEM performance and visibility.
- Conduct testing, validation, and documentation of SIEM content and workflows.
- Automate SIEM tasks and processes using Python, Power Shell, or similar scripting languages.
- Provide training, knowledge transfer, and operational support to government personnel.
- Maintain awareness of evolving cyber threats and incorporate new techniques into SIEM content.

Required Qualifications
- Active TS/SCI security clearance.
- DoD 8570/8140 IAT Level III / CND certification.
- 5+ years of hands‑on experience with SIEM platforms such as Arc Sight, Splunk, or ELK (log handling, rule creation, dashboards, reporting).
- 3+ years of network traffic analysis (ports, protocols, IDS/IPS).
- Strong understanding of cyber threat behavior and the MITRE ATT&CK framework.
- Experience developing and tuning SIEM detections to reduce false positives.
- Bachelor’s degree in a technical field (or equivalent experience). Desired

Skills:

- Experience with SOAR tools (Phantom, Demisto, or similar).
- Proficiency in Python, Power Shell, or automation scripting.
- SANS GCDA or equivalent certification. Company Benefits:
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:

• Medical, dental & vision

• Critical Illness, Accident, and Hospital

• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available

• Life Insurance (Voluntary Life & AD&D for the employee and dependents)

• Short and long-term disability

• Health Spending Account (HSA)

• Transportation benefits

• Employee Assistance Program

• Time Off/Leave (PTO, Vacation or Sick Leave)