Cyber Tool Engineer II

Security Clearance: Active Top Secret
Employment Type: Regular Full-Time


Provide technical security monitoring functions within the Cyber Security team. Perform analysis and hands-on investigation in a dynamic environment spanning event monitoring, security intelligence, threat analysis, and the use of advanced threat detection technologies.


  • Monitor daily event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds, and other sources
  • Perform analysis of all threat/vulnerability sources, assess any impact to DOS infrastructure and systems, provide an assessment with recommendations and potential actions relative to the security threat posture, and mature the current vulnerability scanning/assessment capabilities
  • Coordinate responses, triage, and escalation activities for security events affecting the information assets and activities with the incident response team as part of the security incident response lifecycle
  • Identify and create use cases within the SIEM tool
  • Serve as one of the technical experts on the team
  • Develop communication channels with technology owners and the business to evangelize the evolving threat landscape
  • Give structured presentations to different audiences such as business, technical, or management
  • Establish and maintain business relationships with individual contributors as well as management
  • Lead efforts in the improvement and development of process/procedure manuals and documentation for the escalation of threat intelligence, advanced persistent threat detection, vulnerability analysis, and incident response handling
  • Maintain a continuous process improvement environment for security monitoring, security configuration standards, and threat analysis, recommending and implementing new or improved processes in accordance with existing policy, industry standards, and best practices


  • Education:
    • College Degree in Information Science or related field
  • Required Knowledge/Experience:
    • 5+ years of Information Security or related technology experience
    • 3+ years of Information Security Incident and Event Monitoring experience
    • 3+ years of experience with advanced knowledge of network protocols, routing and switching in complex environments
    • Demonstrated experience with using the command line interface (Unix, Linux, and Windows)
    • Advanced scripting experience (Python, Shell, Bash, Java, etc.)
    • Ability to communicate clearly, effectively, persuasively and credibly with internal and external customers and various levels of management both verbally and in written form
    • Self-starter with the ability to work independently or within a dynamic team environment
    • Attention to detail, logical and analytical thinking and systematic problem solving capability
    • Adept with researching and investigating anomalies
    • Experience working in a Security Operations Center (SOC) environment
    • Employ relevant security knowledge and experience in two or more of the following areas: security operations, security intelligence, threat analysis, security event management, log analysis, and network/host intrusion detection
    • Prior experience with system and security administration of multiple platforms and operating systems such as Unix/Solaris/AIX/Linux, Databases and Microsoft Windows
    • Demonstrated experience using and/or implementing SIEM technology (Splunk, ArcSight, QRadar, etc.) and building use cases
    • Demonstrated experience handling SIEM events and response in critical environments (email threat analysis, web threat analysis, malware analysis, etc.)
    • Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
  • Preferred Knowledge/Experience:
    • Bachelor’s degree in Computer Science, Information Technology, or Engineering
    • Advanced knowledge of programming, SQL, Firewalls, WAF, Advanced Persistent Threats, Zero Day Exploits, Reverse Engineering Malware, Vulnerability Analysis/Assessment, and Data Loss Prevention
    • Proven ability to lead and influence across and up during business impacting events
    • Ability to influence and guide decision making in crisis moments
    • GCIA, GCIH, CISSP, CEH, GREM, or CCNA certification highly preferred with other security certifications

Other Responsibilities

  • Perform other tasks consistent with the goals and objectives of the department/contract
  • Perform other duties as assigned by the Sr. Program Executive

Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.


EEO/AA Employer Minorities/Females/Vets/Disability


Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.