AWS Detection Engineer

About The Position

Requirements

• Active DoD Secret security clearance and ability to obtain TS/SCI.
• DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, CySA+, ISC2 SSCP, SANS GSEC prior to starting.
• DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 180 days of hire.
• Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain and an ability to think and work independently.
• Bachelor's degree and 4+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.
• Knowledge of architecture, engineering, and operations of Elastic and/or Splunk.
• Understanding of AWS cyber security monitoring tools such as CloudWatch, GuardDuty, VPC Flow logs, and Security Hub.
• Strong written and oral communications skills and strong analytical and troubleshooting skills.
• An ability to think critically and work independently.

Nice To Haves

• CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
• Experience with Azure, Google Cloud Platform (GCP), or Oracle Cloud Infrastructure is desirable.
• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
• Unix/Linux command line experience.
• Experience with automation templates such as CloudFormation, ARM template, or terraform.
• Scripting and programming experience such as PowerShell, bash, or python.
• Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
• Familiarity or experience in Intelligence Driven Defense and/or Cyber Kill Chain methodology.
• Existing 8570 CSSP Analyst Certifications (CEH), CySA+, etc.
• Familiarity or experience using cybersecurity frameworks such as MITRE ATT&CK, CIS Controls, NIST CSF, or CSA CCM.

Responsibilities

• Work with site threat emulation/analytic development team to maximize detection opportunities referenced to the MITRE ATT&CK framework.
• Develop, implement, and test analytics using Elastic and Splunk to detect malicious actor activity within AWS IaaS environments.
• Review operation and threat reports to determine detection improvement opportunities.
• Provide analyst training opportunities using test environments and emulations of malicious activity.
• Assist/advise other teams within DISA Global on their cloud security missions as needed.