Cyber Content Developer

IP Secure, LLCSan Antonio, TX
Onsite

About The Position

The Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives.

Requirements

  • An active TS/SCI clearance.
  • Ability to obtain the GIAC Machine Learning Engineer (GMLE) Certification within 120-days of hire date OR have a BS in Computer Science or MS in Computer Science/Cyber Security.

Nice To Haves

  • 2+ years of SIEM technology (ex: Arcsight, Splunk, Devo and/or ELK).
  • Experience with log handling, reports, filters, and rule creation.
  • Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (ex: Air Force, Navy, Army, DC3, DISA).
  • 3+ years of experience with Network Traffic Analysis; ports and protocols.
  • SANS GCDA or equivalent certification(s).
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (ex: Open Source projects).
  • 1+ year of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto.
  • Proficient in Python and PowerShell.

Responsibilities

  • Analyze DCO events.
  • Apply current industry SIEM best‐practices.
  • Use security alerts correlated with log enrichment data to enhance the operator’s ability to identify real attacks.
  • Establish security control effectiveness and monitor for unauthorized outbound connections
  • Create detections by analyzing log data across the enterprise.
  • Develop dashboards and visualizations to identify adversarial activity.
  • Use log data to establish and implement virtual tripwires for early detection.
  • Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM.
  • Conduct designing, implementing, and testing of various SIEM solutions.
  • Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate.
  • Create, test, and validate filters and rules.
  • Build and implement event correlation rules, logic, and content in the SIEM.
  • Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
  • Analyze malware threats to develop behavior-based detections that alert and/or prevent malicious activity.
  • Automate tasks in the SIEM using a common programming or scripting language.
  • Create scheduled and ad‐hoc reporting with SEIM tools.
  • Create and maintain SIEM documentation.
  • Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.

Benefits

  • Medical
  • Dental
  • Vision
  • Unlimited Vacation
  • Sick Leave
  • Paid Federal Holidays
  • Education and Certification Reimbursement Program
  • 401(k) retirement plan with safe harbor employer match after 3 months
  • Prepaid legal plan and ID protection plan available
  • Accident Insurance
  • Critical Illness Insurance
  • Hospital Indemnity Insurance available
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service