Sistema Technologies, Inc.

Network Security Engineer 0057

Sistema Technologies, Inc.  •  San Antonio, TX (Hybrid)

Job Description

San Antonio, TX
Network Security Analyst - Solicitation# 37100057
Texas Cyber Command (TXCC)

  • Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
  • Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
  • Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
  • Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
  • Apply a strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
  • Operationalize threat intelligence feeds within SOC platforms and for customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
  • Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
  • Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
  • Support SOC operations by providing detection engineering, log onboarding, and data normalization.
  • Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
  • Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
  • Produce engineering reports, tuning documentation, and platform health assessments.
  • Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
  • Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps.


Candidate must be a U.S. citizen, pass required background checks, complete required cybersecurity, privacy, and operational training before gaining system access, and comply with TXCC security and data-handling requirements. Occasional after-hours support may be required with TXCC approval. Work must be performed from within the United States unless TXCC grants prior written approval.
The working position is Hybrid - On Site and Telework.

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. The "Actual Years Experience" column is to be completed by the candidate.

Years Experience Needed | Required/Preferred | Skills/Experience | Actual Years Experience
5 | Required | SOC operations experience |
5 | Required | Hands-on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false-positive reduction, and threat-driven detection improvements. |
5 | Required | Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement. |
5 | Required | Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows. |
5 | Required | Threat intelligence application expertise |
5 | Required | Develop detection logic aligned with adversary TTPs |
6 | Preferred | Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic. |
5 | Preferred | Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic. |
5 | Preferred | Perform packet-level analysis to validate alerts and identify malicious activity |
5 | Preferred | Serve as an escalation point for SOC analysts, supporting other SOC analysts and incident responders with enriched network-level intelligence |
5 | Preferred | Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation |
4 | Preferred | Security certifications preferred (CISSP, CEH, GISF, GSEC, CySA+, Sec+) |

I need three references.

Reference 1
Reference Name (Required):
Title (Optional):
Company Name (Required):
Phone Number (Required, include area code):
E-mail address (Optional):
Professional Relationship (Optional): Peer / Co-Worker / Supervisor / Customer / End-User / Subordinate

Reference 2
Reference Name (Required):
Title (Optional):
Company Name (Required):
Phone Number (Required, include area code):
E-mail address (Optional):
Professional Relationship (Optional): Peer / Co-Worker / Supervisor / Customer / End-User / Subordinate

Reference 3
Reference Name (Required):
Title (Optional):
Company Name (Required):
Phone Number (Required, include area code):
E-mail address (Optional):
Professional Relationship (Optional): Peer / Co-Worker / Supervisor / Customer / End-User / Subordinate

About Sistema Technologies, Inc.

Sistema Technologies, Inc. is a global provider of IT enterprise solutions and professional services. IT Staff Augmentation and IT Project Management are our strengths and core competencies. Sistema believes in low overhead, streamlined operations and a commitment to customer service.

Sistema is a HUB Certified company and has both DBITS and ITSAC DIR contracts. We are also a CMBL Vendor, a Southwest Minority Supplier (certificate #83), and a Bona Fide Minority Business Enterprise via NMSDC. The company has an A+ Better Business Rating.

Sistema enjoys working with leading government agencies in Austin including the OCCC, TEA, TXDOT, OAG, HHSC, CPA and San Antonio government entities/utility companies such as CoSA, SAWS, Capital Metro and Bexar County 911.

Headquartered in San Antonio with sales offices in Austin, TX, Sistema has assisted many of the region's largest government agencies and companies with their IT architecture, programming, and integration needs. Since Sistema's inception, our goal has been to enhance both the processes and profitability of our clients. We understand that our success depends on their success.

Industry
Unknown
Company Size
11-50 employees
Headquarters
San Antonio, TX
Year Founded
2002