Detection Engineer Analyst

Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America.

RMC is hiring a Detection Engineer Analyst to support an active government contract in Quantico, Virginia, providing defensive cyberspace operations and Cyber Security Service Provider (CSSP) functions. This position will support the government's mission to deny, disrupt, and degrade adversaries’ abilities and attempts to disrupt, exploit and attack the information technology (IT) services provided to network users. 

The selected applicant will perform a variety of activities including but not limited to:

• Develop detection use cases based on current threats, the MITRE ATT&CK framework, and government direction.
• Review incident reporting to tune related detection use cases as necessary.
• Review Security information and event management (SIEM)/ Security orchestration, automation, and response (SOAR) incident queue for unnecessary events and alerts and implement corrective actions.
• Identify gaps in logging and detection capabilities across attack surface.
• Assist in implementing new log ingestion and verify proper parsing and normalization of data in SIEM/SOAR.
• Create high fidelity correlation rules, signatures, filters, and automations and maintain low false-positive rate.

Required

• Active TS/SCI (DoD TOP SECRET clearance with Sensitive Compartmented Information access) eligibility is required. Applicant selected can begin supporting this position with an Active DoD SECRET clearance. Applicant selected will be subject to security investigation(s) and must maintain eligibility requirements for access to classified information.
• College degree in a technical or managerial related discipline AND Five (5) years of practical experience in a Cybersecurity, Engineering, Information Technology, and/or Defensive Cyberspace Operations; OR
• H.S. Diploma or equivalency certificate AND Seven (7) years of practical experience in the same.
• DoD 8570 IAT Level III certification (or be able to obtain within 180 days).
• DoD 8570 CSSP Analyst certification (or be able to obtain within 180 days).
• Experience writing signatures (e.g., KQL/Snort/ePO/Yara) for network and host IDS/IPS.

Desired

• Microsoft Cloud Security training is highly recommended.
• Microsoft Azure and Microsoft Defender XDR.
• Microsoft Sentinel Ninja Training.
• Microsoft Defender For Endpoint Ninja Training.
• Microsoft Defender For Identity Ninja Training.
• Microsoft SC-XXX Training (certifications).

Schedule: M-F, 5 X 8, between 7:00am EST and 5:00pm EST, normally not to exceed 40 hours per week.

This position may require extended or non-standard hours occasionally to support major cyber incidents. This position is considered essential and may be required to report during hazardous weather, power outages, fuel shortages, pandemics, and other emergencies.

At RMC, we're committed to your career growth! RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.

RMC can offer you a great place to work with a small company feel and give you the experience, tuition assistance, and certifications that will take your career to the next level. We offer Monday to Friday full-time day shift work, and can assist in paid relocation. This also includes a competitive paid vacation package with 11 paid federal holidays. Additionally, we also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.

Salary at RMC is determined by various factors, including but not limited to location, a candidate's specific combination of education, knowledge, skills, competencies, and experience, as well as contract-specific requirements. The current salary range for this position will be $120,000 to $140,000 (annually).

#LI-LL1