Cyber Security Signature Developer

Ipsecure, Inc.
Lackland Air Force Base, United States of America
14 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 100K

Job location

Lackland Air Force Base, United States of America

Tech stack

Application Firewall
Computer Security
Computer Networks
Linux
DNS
Hypertext Transfer Protocols (HTTP)
Intrusion Detection Systems
Python
Simple Mail Transfer Protocols
Network File Systems
Open Systems Interconnection (OSI)
PowerShell
Regular Expressions
Shell Script
Security Information and Event Management
SQL Databases
Transmission Control Protocol (TCP)
User Datagram Protocols
Snort (Software)
Scripting (Bash/Python/Go/Ruby)
File Transfer Protocol (FTP)
Intrusion Prevention Systems (IPS)
MITRE ATT&CK
Firewalls (Computer Science)
Cyber Warfare
Security Orchestration, Automation & Response

Job description

The Cyber Security Signature Developer/Scripter's primary responsibility is developing, testing, deploying, and managing commercial and custom host-based and network-based IDS/IPS, SIEM, and SOAR signatures, rules, workflows, and dashboards. At IPSecure, you'll shape the future of cybersecurity by building the technology to tackle the toughest challenges and stay ahead of the latest threats. If you want to join an agile and growing company that makes a direct impact in the cyber fight against cyber criminals, IPSecure is the place for you. Driven by passionate people who are dedicated to making the world safer, it's no wonder we've been named a Top Place to Work in San Antonio.

Responsibilities

  • Development of all signatures, with the intent to develop custom signatures related to the Tough and Challenging levels within DCO tool sets.
  • Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.
  • Develop and document IPS/IDS SOPs.
  • Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
  • Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
  • Create, modify, and manage Security Orchestration and Automation workflows for operational use and execution.
  • Automate tasks using a common programming or scripting language.
  • Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
  • Develop, test, deploy, and manage signatures, rules, and filters for capabilities such as IDS, IPS, firewall, web application firewall, proxy, and SIEM systems.
  • Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available.
  • Provide support to external units and work centers as approved by AFCERT leadership.
  • Provide training and knowledge transfer to government personnel as requested.
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures.
  • Create, document, and report metrics for analysis to improve weapon system processes and mission execution.

Requirements

  • An active TS/SCI clearance is required to start.
  • Ability to obtain the CSSP Incident Responder Certification (GCFA) within 120 days of hire date.
  • Extensive knowledge of one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (e.g., AF, Navy, Army, DC3, DISA) or Federal Government.
  • Experience with IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP).
  • Understand the network Open Systems Interconnection (OSI) model.
  • Automate processes and procedures using scripts and SQL/database administration.
  • In-depth knowledge of DoD or Air Force cyber operations policies and guides.
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community.

Benefits & conditions

Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance, and Hospital Indemnity Insurance available.