Cyber Capability Developer SME Position Available In Madison, Alabama
Tallo's Job Summary: This job listing in Madison - AL has been recently added. Tallo will add a summary here for this job shortly.
Job Description
Cyber Capability Developer SME at ECS Corporate Services
Cyber Capability Developer SME at ECS Corporate Services in Redstone Arsenal, Alabama
Posted in Other 3 days ago.
Job Description:
ECS is seeking a Cyber Capability Developer SME to work in our Redstone Arsenal, AL office.
Please Note:
This position is contingent upon contract award.
ECS is seeking a highly skilled Cyber Capability Developer to support cybersecurity operations for the Federal Bureau of Investigation (FBI) in the ESOC. In this role, you will design, develop, and maintain cybersecurity automation, detection, and response capabilities, with a strong emphasis on leveraging Splunk for Security Information and Event Management (SIEM). This role collaborates with ESOC analysts and engineers to enhance security monitoring, incident response, and operational efficiency using Splunk and related technologies.
Key Responsibilities:
Design, develop, and maintain custom security tools, scripts, and automated workflows to support ESOC operations, with a primary focus on Splunk SIEM integrations.
Develop, upgrade, and enhance the enterprise SIEM strategy and implementation via Splunk, including data flow diagrams, log management, and alert feed architectures for seamless alert integration.
Configure Splunk tools, settings, alerts, and notifications to improve security resilience, including implementation of Security Orchestration, Automation, and Response (SOAR) capabilities.
Create and tune Splunk detection content, including correlation rules, dashboards, and reports for threat detection andpliance monitoring.
Monitor and analyze security events and alerts in Splunk, conducting detailed investigations to identify and respond to potential security incidents.
Collaborate with incident response teams, providing technical expertise and developing new detection and response capabilities within Splunk.
Document development efforts, including system design, standard operating procedures, and user guides for Splunk-based solutions.
Stay current with emerging cybersecurity threats, trends, and SIEM best practices, and rmend innovative solutions for ESOC integration.
Mentor junior team members on Splunk development, SIEM best practices, and security automation.
Active Top Secret clearance with the ability to obtain SCI with CI Polygraph
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
Minimum 15 years IT experience, with at least 10 years in cybersecurity and 5 years of hands-on experience with Splunk.
Security Operations Center (SOC) experience
Strong proficiency in scripting or programming languages (e.g., Python, PowerShell) for Splunk automation and integration.
Experience developing and tuning SIEM use cases, correlation rules, and alerts in Splunk.
Solid understanding of network protocols, system logs, and security event correlation.
Experience working with incident response teams for triage and analysis using Splunk.
Splunk SIEM architecture and administration
Security automation and orchestration
Custom tool and script development for Splunk
Incident detection and response support using Splunk
Threat and vulnerability analysis
Documentation and process improvement
This role is 100% onsite
