Listing Description
The InQuest team works with real-world, high-profile networks on a daily basis and draws on actual attacks to publish new signatures and intelligence feeds weekly, or more often as needed. In addition to detecting inbound malicious content, we monitor attacker infrastructure to detect outbound connection attempts to known malicious IP addresses and domains. Finally, we apply our file-processing techniques to detect data exfiltration attempts. We dogfood our product like no other, which gives us a very tight feedback loop between the lab and the field.
We love our jobs and are looking for a candidate truly passionate about both the mission and our platform. You will perform threat hunting using a novel and rapidly evolving data acquisition and analysis platform; analyze, tune, and develop threat detection signatures; automate reproducible experiments and result reports; and track and predict signature efficacy over time. Our product is purpose-built by SOC analysts for SOC analysts. We're looking for a candidate with the drive and grit to push the envelope.
The role is based in San Antonio (TX) and requires an active TS/SCI security clearance. We also have offices in Austin (TX) and will hold regular collaboration sessions with other members of the team.
Must have extensive knowledge and understanding of network operations, installation, and network monitoring procedures; experience with various types of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS); and knowledge of best practices regarding Computer Network Defense (CND) architecture and signature development. Knowledge of CERT procedures and NOSC operations. Ideally, the candidate has experience with Shell or Python scripting and the use of regular expressions for pattern matching. An active TS/SCI clearance is required for this position.
- Ensuring CND device uptime, availability, and integrity.
- IDS/IPS, WCF, and SIEM performance baselining and measurement.
- Defining SIEM content.
- Documenting processes and procedures for all security engineering and infrastructure operations.
- In-depth knowledge of TCP/IP and of network analysis using various toolsets (tcpdump, Wireshark, etc.).
- Advanced understanding of regular expressions.
- Understanding of scripting languages (Perl, Python, etc.).
- In-depth knowledge of hacking techniques and attack methodologies as well as their mitigations.
- Demonstrated ability to work independently with minimal supervision.
- Demonstrated ability to handle concurrent projects and assignments.
- Demonstrated desire and willingness to continue expanding your knowledge of security best practices and technologies.
- Ability to focus under pressure and respond appropriately to critical situations or incidents.
Listing Details
- Citizenship: Top Secret
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute