Overview

SOSi is seeking a highly qualified DCO Content Developer / Detection Engineer to support our customer in Wiesbaden, Germany.

Essential Job Duties

- Work as a member of the Cyber Detection Engineering Team to increase the security posture of the organization
- Strategize and identify unique opportunities to locate and collect new data, explore and mine data, and determine and ascertain the outcome
- Develop customized algorithms to solve analytical problems with incomplete data sets and implement automated processes for efficiently modeling and analyzing data output
- Design, develop, test, and implement data analytics to meet cyber network defense security requirements and support network intrusion monitoring on information systems and networks
- Create Splunk dashboards to serve as the center point of initial intrusion analysis and information assurance awareness
- Manage intrusion detection engine policies and rule sets
- Identify and investigate vulnerabilities, assess exploit potential, and create analytics in the SIEM engines to automatically detect events with high confidence
- Prepare charts and diagrams to assist in metrics analysis and problem evaluation, and submit recommendations for data mining and analytical solutions
- Review daily cyber threat reports, open source reporting, recurring analytic alerts, and penetration testing results to build SIEM correlation rules
- Contribute to the design, development, and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations
- Draft reports of vulnerabilities to increase customer situational awareness and improve the customer's cyber security posture
- Assist all sections of the Defensive Cyber Operations team as required in performing analysis and other duties as assigned
- May perform documentation and vetting of identified vulnerabilities for operational use
- May prepare and present technical reports and briefings
- Utilize your solid understanding of networking protocols, their uses, and their potential misuses

Minimum Requirements

- An active, in-scope Top Secret/SCI clearance is required
- Bachelor's in a related discipline and 5 years, AS and 7 years, major certification and 7 years, or 11 years of specialized experience
- Must meet DoD 8140 DCWF 511 requirements (B.S., M03385G, M10395B, M22385, A-150-1980, A-150-1202, A-150-1203, A-150-1250, A-531-0451, A-531-4421, A-531-1900, WSS 011, DISA-US1377, GFACT, GISF, Cloud, GCED, PenTest, Security, or GSEC)
- Must have one of the following additional certifications (GDAT, GCDA, Elastic Certified Observability Engineer, ArcSight ESM Advanced Analyst, Splunk Enterprise Certified Admin, or Splunk Enterprise Certified Architect)
- Experience in strategizing and identifying unique opportunities to locate and collect new data, explore and mine data
- Experience in developing customized algorithms to solve analytical problems with incomplete data sets, and implementing automated processes for efficiently modeling and analyzing data output
- Experience in designing, developing, testing, and implementing data analytics to meet cyber network defense security requirements
- Must have a full understanding of all aspects of Defensive Cyber Operations
- Experience with intrusion detection systems such as Snort, Suricata, and/or Zeek
- Experience with writing SPL in Splunk to create complex searches and custom dashboards
- Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process

Preferred Qualifications

- Bachelor's degree in Engineering, Computer Science, or Mathematics
- Experience with writing rules and trends in ArcSight ESM
- Experience with writing Snort or Suricata IDS rules
- Experience with identifying Microsoft Windows event IDs and how they relate to the MITRE ATT&CK Matrix
- Experience with interpreting firewall and proxy logs
- Experience with Git and VScode
- Programming experience in one or more languages
- Experience with one or more scripting languages such as PowerShell, Bash, Python, or Perl

Work Environment

- Working conditions are normal for an office environment
- On site in Wiesbaden, Germany
- Fast-paced, deadline-oriented environment
- May require periods of non-traditional working hours, including consecutive nights or weekends (if applicable)

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.