Job Details

ID #51998089
State: Minnesota
City: St. Paul
Full-time
Salary: USD TBD
Source: TEKsystems
Showed: 2024-06-28
Date: 2024-06-28
Closing date: 2024-08-27
Category: Miscellaneous

Cyber Threat Engineer

Minnesota, St. Paul 00000 St. Paul USA

Description:

This position works out of our Lillehei, MN, location in the GIS (Global Information Services) Cyber Threat Engineering Team. This role is onsite with the potential to work one or two days remotely, subject to change at any time.

As the Cyber Threat Engineer with a networking focus, you will have the opportunity to investigate the tactics and techniques employed by threat actors when compromising networks. You will assist with cyber security network device deployments and other ongoing projects that help secure our client's systems and networks. You will collaborate with the Cyber Threat Engineering team and the Incident Response Team in developing Splunk Risk Rules and Risk Based Alerting (RBA), creating detections for threat activity within our global corporate and manufacturing networks. You will provide technical guidance within the Cyber Threat Engineering team and support cross-departmental briefings.

You will interact with many teams, including the Border team and its sub-teams, to understand our overall network and its deployed network cyber security sensors. You will provide your expert opinion and guidance on various network, firewall, IDS/IPS, Armis, Zscaler and other projects within the CTE's day-to-day role, with a focus on improving overall network and systems cyber security. You will investigate deployed sensors and ensure we are fully capitalizing on their capabilities, including the available data and API capabilities, and assist in integrating sensors into Splunk and XSOAR. You will join the Cyber Threat Engineering team in supporting the Incident Response Team during significant cyber events within the enterprise.

CORE JOB RESPONSIBILITIES:
- Ability to search and assist in building detections with Splunk Search Processing Language (SPL) for multiple sensors (Firewall, IDS/IPS, Endpoint Protection, Proxy, and more), incorporating the MITRE ATT&CK model.
- Proactively ingest Digital Forensics and Incident Response reports from a wide variety of sources.
- Build detections for cyber-based threats and risks, both current and future, creating and deploying detections as needed.
- Assist with the automation of manual tasks through technology integrations via scripting and orchestration of playbooks.
- Participate in cross-team coordination to achieve defined security goals and meet technical requirements in support of detailed implementation plans for security projects.
- Develop response strategies and technical support documents, summaries, reports, presentations, and other designated products.
- Support the advancement of our client's Cybersecurity Operations program to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats, including actors, campaigns, and vulnerabilities.

Skills:
Splunk, Python, PowerShell, Splunk Programming Language, Network security, Cyber security, Firewall, IAM

Top Skills Details:
Splunk, Python, PowerShell, Splunk Programming Language, Network security

Additional Skills & Qualifications:

PREFERRED QUALIFICATIONS
- GIAC (GCIH, GSEC, GCFA, GREM), OSCP or equivalent certifications preferred.
- 5+ years of experience directly related to the area of incident response, digital forensics, malware analysis, threat hunting, cyber threat intelligence, or content development/tuning.
- Experience with programming and scripting languages, preferably Python and PowerShell.
- Solid networking background, with an Identity and Access Management (IAM) background as a plus.
- Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
- Be available for on-call duty to handle high-impact cybersecurity incidents. On-call is infrequent but possible.
- Be driven for personal development through security conferences, Capture the Flag (CTF) events, lab time and research.
- Be a team player committed to the mission and continuous development of the Cyber Threat Action Center, peers, and our client's customers.

Experience Level: Intermediate Level

About TEKsystems: We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
