Job Detail

Cybersecurity Countermeasures Developer - CACI International
St. Louis, MO
Posted: Feb 23, 2024 13:29

Job Description

Cybersecurity Countermeasures Developer

Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: TS/SCI

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Local


CACI IS THE WINNER!!! of a long-term prime contract with the National Geospatial-Intelligence Agency (NGA) for Transport & Cybersecurity Services (TCS). The functional capabilities are to provide the information technology (IT) infrastructure services required to deliver timely, relevant, and accurate support of national security. TCS will provide innovative design, engineering, procurement, implementation, operations, sustainment, and disposal of transport and cybersecurity IT services on multiple networks and security domains, at multiple locations worldwide to support the NGA mission.

In this role, we're seeking a Cybersecurity Countermeasures Developer who could potentially be located in either Springfield, VA or Saint Louis, MO.

Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model, you will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means, such as reviewing future and past intelligence reports, reviewing incident reports, conducting regular Purple Teaming exercises, and continuously validating Defensive Countermeasures already deployed.

What You'll Get to Do:

  • Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develops or tunes rules/signatures/scripts as needed;

  • Coordinates with other Cybersecurity Operations to develop or tune rules/signatures/scripts;

  • Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on NGA systems, and develops or tunes rules/signatures/scripts as needed.

More About the Role:

  • Correlates and analyzes precursors to incidents, and develops or tunes rules/signatures/scripts as needed;

  • Improves SIEM alert efficiency through evaluation of valid alerts and false positives, and develops or tunes rules/signatures/scripts as needed;

  • Assists the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise;

  • Documents all work in the authorized ticketing system with a sufficient level of detail to ensure the Government and other contract services can systematically reconstruct the analysis;

  • Provides input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report.

You'll Bring These Qualifications:

  • Must be a US Citizen with an Active TS/SCI.

  • 8+ years of related advanced cyber security analytics work experience.

  • Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.

  • Experience with data mining or building queries in a SIEM.

  • Strong understanding of signature development and tuning.

  • Strong understanding of network protocols and analysis with protocol analyzers.

  • Knowledge of static file signatures, i.e., "magic numbers", and how they apply to developing countermeasures for files in transit and files that reside locally on a host.

  • Good working knowledge of regular expressions.

These Qualifications Would Be Nice to Have:

  • Comfortable in a hex editor.

  • Ability to write Python/bash/PowerShell scripts.

  • Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.

  • Good understanding of Purple Team Tactics.

What We Can Offer You:

  • We've been named a Best Place to Work by the Washington Post.

  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.

  • We offer competitive benefits and learning and development opportunities.

  • We are mission-oriented and ever-vigilant in aligning our solutions with the nation's highest priorities.

  • For over 60 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.

Company Overview:

CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here (https://careers.caci.com/global/en/employee-benefits).

Since this position can be worked in more than one location, the range shown is the national average for the position.

The proposed salary range for this position is:

$68,400-$143,700


