Key Responsibilities
Implement AI-enabled solutions for cybersecurity operations and adapt existing processes to integrate emerging AI capabilities into standard operations.
Provide key requirements, observations, design suggestions, and artifacts to inform the development of AI technologies that will support the adoption of AI technology into cybersecurity operations.
Monitor real-time network activity flagged by a variety of intrusion detection, prevention, and analysis platforms; analyze raw data, metadata, and event logs to confirm suspected intrusion attempts into either local (on-premises) or cloud computing systems; and use that information to inform the creation of AI-enabled cyber defense capabilities.
Author and implement custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic.
Use security orchestration and automation tools, augmented with AI, to triage events and suggest improvements on existing detections to reduce false positives and rapidly remediate redundant or repetitive detections.
Investigate network anomalies and respond to cybersecurity incidents with a focus on AI-enabled cybersecurity operations.
Abide by all governance and standards as defined by the Board or levied by external entities to remain compliant with all requirements when implementing AI solutions.
Develop analytic products and reports that demonstrate the effectiveness of AI-enabled cybersecurity operations to include metrics, incident reports, and threat hunt analysis reports.
Required Qualifications
5+ years of hands-on cybersecurity operations experience that includes use of technologies such as Splunk, CrowdStrike, Palo Alto, Trellix (FireEye), Corelight, Cisco Firepower Threat Defense, etc.
3+ years of hands-on cybersecurity operations experience that includes cloud-resident technologies in Amazon Web Services, Microsoft Azure, ServiceNow, etc.
Hands-on experience implementing AI solutions for a Security Operations Center (SOC) or Cybersecurity Operations team.
Experience using intrusion detection, prevention, and analysis platforms that are designed to identify and/or technically counter attempted intrusions.
Experience authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic.
Experience monitoring real-time network activity flagged by a variety of intrusion detection, prevention, and analysis platforms, and experience analyzing the resulting raw data, metadata, and event logs to confirm suspected intrusion attempts into either local (on-premises) or cloud computing systems.
Preferred Qualifications
Demonstrated experience implementing AI-enabled cybersecurity solutions in a SOC environment.
Experience operating in government environments that follow NIST, FISMA, FedRAMP, and OMB guidance.
Strong problem-solving and analytical skills.
Excellent communication and documentation skills.