Cyber Security Analyst - SIEM Content Developer

Security, Analyst, Developer, Development, Network, Analysis, Computer, Engineering, Systems, Python, Testing, Recruiter
Full Time
Work from home available

Job Description
Bowhead seeks a Cyber Security Analyst - SIEM Content Developer to support the AFCERT DCO HAC contract in San Antonio, TX.
Content Developer implements use cases based on mission requirements that provide Analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, Content Developer contractor employees shall provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Content Developer contractor employees shall be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives. Content Development contractor employees may be required to provide 24 hour coverage (work) for seven (7) days a week, 365 days a year.
• Analyze DCO events.
• Apply current industry SIEM best-practices.
• Use security alerts with log context to identify real attacks.
• Establish security control effectiveness and monitor for unauthorized outbound connections.
• Create detections by analyzing log data across the enterprise. (CDRL A007)
• Develop dashboards and visualizations to identify adversarial activity. (CDRL A007)
• Use log data to establish and implement virtual tripwires for early detection.
• Analyze endpoint security logs.
• Conduct designing, implementing, and testing of various SIEM solutions. (CDRL A007)
• Create and support the creation of SIEM Use Cases. (CDRL A008)
• Create, test, and validate filters and rules. (CDRL A007)
• Build and implement event correlation rules, logic, and content in the SIEM. (CDRL A007)
• Tune SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors.
• Analyze malware threats to develop behavior based detections that alert and/or prevent malicious activity.
• Automate tasks in the SIEM using a common programming or scripting language.
• Create scheduled and ad-hoc reporting with SIEM tools. (CDRL A007 and A008)
• Create and maintain SIEM documentation. (CDRL A008)
• Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.
• Utilize SIEM to facilitate metrics collection, analysis, and reporting.
• Provide training to government personnel as requested.
• Provide knowledge transfer of tools, processes and procedures to government personnel as requested.
• Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
• Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
• Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
• Support operational leadership's tasking as it relates to Content Development functions and responsibilities.

Bowhead seeks to network with qualified individuals relative to a potential opportunity, which is contingent upon award and not currently funded. Please click the link at the bottom of this posting to apply for consideration. Incumbent employees are encouraged to respond. No solicitations or third party applications will be accepted.
• More than five (5) years of experience with SIEM technology such as ArcSight, Splunk and/or ELK, including, but not limited to, log handling, reports, filters, and rule creation.
• Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., Air Force, Navy, Army, DC3, DISA).
• More than three (3) years of experience with Network Traffic Analysis; ports and protocols.
• Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., Open Source projects).
• BA/BS in Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or a related degree preferred.
• Must be able to travel on short notice.

Certification Requirements:
• IAT Level III CND compliance.

Additionally, more than one (1) year of experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto. Proficient in Python and PowerShell.

SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret/SCI level. US Citizenship is a requirement for Top Secret clearance at this location.

Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification.

Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.

UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act.

All candidates must apply online at, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (

UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting.

Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs.


  • UIC and its Family of Companies is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V.
  • Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
  • The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
  • Dice Id: 10122062
    Position Id: 21-0346
    Originally Posted: 4 months ago