Cyber Security Operations Engineer
Cyber Security Operations Engineer-February 2024
Virtual
Feb 19, 2025
About Cyber Security Operations Engineer

Overview

BigBear.ai is seeking a Cybersecurity Operations Engineer to support our team as we enhance our cybersecurity posture. As a member of our team, you'll keep an eye on the evolving threat landscape, staying ahead of emerging threats that may target our company, customers, and vendors. To excel in the Security Operations team, you must be curious, passionate, and willing to spend long hours learning about systems, security tools, and evolving threat actor methodologies.

As the last line of defense, you will play a vital role in upholding the overall security stance of businesses by reviewing events that occur within the security stack, pinpointing vulnerabilities, escalating incidents, and advising or deploying mitigation tactics. You will conduct research to understand our technological footprint and the potential pathways attackers could traverse to compromise our systems, and develop detection strategies to ensure we quickly identify malicious activity. Tooling and automation will be key to success as we scale our business to meet the dynamic demands of our customers.

We are a small team of geographically dispersed high performers. While prior experience working remotely isn't required, you must perform well given a high level of independence and autonomy while collaborating asynchronously within and across teams. This role is 100% remote but may require occasional travel to the DC metropolitan area.

What you will do

Monitor substantial amounts of data from various sources.
Investigate, document, and report on any information security (InfoSec) issues as well as emerging trends.
Conduct threat and vulnerability analysis.
Assist with the implementation, operationalization, or optimization of projects in support of the cybersecurity program.
Conduct network and system vulnerability assessments using appropriate security tools to identify and address potential threats.
Follow and establish security monitoring and response procedures and processes for monitoring system security events and measuring compliance with organizational security policies and procedures.
Ensure the success of the vulnerability management program by triaging security risks and working with system owners to mitigate findings in accordance with SLAs.
Work closely with the GRC team on the development and implementation of standards, operating procedures, and controls. You will also coordinate and document exemptions to established security controls.
Assist with external information security audits for regulatory compliance and assessments such as penetration testing.
Other duties as assigned.

What you need to have

Clearance not initially required, however, must be clearable to SECRET.

Experience:
  5+ years of experience in a SOC, with demonstrable experience using security tools such as: Security Information and Event Management (SIEM) solutions, firewalls, vulnerability scanners, SOAR, and EDR/MDR technology.
  Minimum 3-5 years of experience with log integration and analysis.
  Experience operating within NIST 800-171, NIST 800-53, CMMC or equivalent cybersecurity frameworks.

Technical skills:
  You must possess the ability to quickly analyze large amounts of information and identify patterns that may signify potential security incidents.
  Firm grasp of anomaly identification, incident response, and threat mitigation.
  Must be familiar with MITRE ATT&CK and Cyber Kill Chain methodologies.
  Proficient understanding of information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
  Working knowledge of operating system security.
  Ability to break down complex detection logic, and to explain to others how the detection works, the theory behind it, and what to do when the alert is triggered.
  Understanding of which logs are available and useful for:
    Linux (Production Workloads), Mac, Windows
    AWS, GCP, and Azure

Soft Skills:
  Excellent written and oral communication skills. Must be able to clearly communicate risks at both strategic and tactical level.
  Must work well under pressure. Cybersecurity incidents don’t just happen from 9-5 so you must be flexible with your schedule.
  You must have the maturity and experience to recognize when an incident is critical and must be escalated.

What we'd like you to have

Scripting skills in Python, PowerShell, Bash, SQL, or Perl.
ServiceNow IT Operations
Zscaler or other SASE solution
Cloud Security expertise
Cloud Workload Forensics - Memory and Storage collection and analysis
Understanding of legal holds, chain of custody and other IR activities
Understand how to develop rules utilizing hypothesis driven detection research leveraging tools such as:
  YARA rules
  Python
  Athena, SQL, Presto etc.
Threat Intelligence Services and OSINT

About BigBear.ai

BigBear.ai delivers AI-powered analytics and cyber engineering solutions to support mission-critical operations and decision-making in complex, real-world environments. BigBear.ai’s customers, which include the US Intelligence Community, Department of Defense, the US Federal Government, as well as customers in manufacturing, healthcare, commercial space, and other sectors, rely on BigBear.ai’s solutions to see and shape their world through reliable, predictive insights and goal-oriented advice. Headquartered in Columbia, Maryland, BigBear.ai is a global, public company traded on the NYSE under the symbol BBAI. For more information, please visit: http://bigbear.ai/ and follow BigBear.ai on Twitter: @BigBearai.
