Cybersecurity Capability Developer Subject Matter Expert

M&S Consulting was conceived in 2002 with the vision of creating highly effective teams of elite consultants to deliver strategic process and technology solutions to enterprise organizations across the US. Our commitment to delivery in complex environments and long-term customer success has merged process and technology into innovative solutions, established deep pockets of expertise, and enabled innovative transformation for evolving businesses.

We have intentionally cultivated steady growth focused on being approachable and helpful to our dearly valued clients and closely cared-for employees. M&S people simply “care hard”, and this reflects in our work products, our interactions, and our culture.

M&S Consulting is seeking a detail-oriented and proactiveCybersecurity Capability Developer Subject Matter Expertto join our team in Huntsville, AL or Clarksburg, WV. The position will be part of an Enterprise Security Operations Center 24/7/365 Watch Floor team providing Threat Detection engineering. The position requires expertise in security analytics, data correlation, threat intelligence, and automation within a Security Information and Event Management (SIEM) platform or equivalent detection systems.

*This position requires: Active Top-Secret Clearance with eligibility for SCI and you must be on site. This is not a remote position.

Primary Responsibilities:

• Develop, implement, and maintain detection rules to identify malicious behaviors.
• Optimize detection efficacy by reducing false positives and increasing true positive rates
• Document detection processes, methodologies, and workflows.
• Share insights and mentor team members on best practices in threat detection.
• Design, develop, and maintain cybersecurity tools, scripts, and capabilities that enhance operational effectiveness within the ESOC watch floor.
• Create automation solutions to streamline processes for threat detection, incident triage, response workflows, and reporting, ensuring faster and more efficient security operations.
• Integrate security technologies and data sources to improve detection, monitoring, and response capabilities
• Continuously test and optimize developed capabilities, ensuring their functionality and efficiency during live security operations

Required Skills:

• Active Top-Secret Clearance with eligibility for SCI
• US Citizenship
• 10+ years of experience
• Experience with Splunk Enterprise Security
• Familiarity with all related aspects of cybersecurity operations and security architecture
• In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies.

Preferred Skills:

• Strong expertise in SIEM platforms and familiarity with query languages (e.g. SPL, KQL).
• Understanding of malware behaviors, threat actors, and attack tactics (MITRE ATT&CK).
• Experience with automation and scripting (e.g., Python, PowerShell).
• Ability to independently assess and improve detection rules.
• Excellent troubleshooting and documentation skills.
• Experience with Microsoft Sentinel
• Experience with FBI, DHS, IC, and DoD Networks.
• Experience with mitigation development against malicious cyber activity
• One of the following certifications:
  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Cloud Threat Detection (GCTD)
  • GIAC Cloud Forensics Responder (GCFR)
  • Certified Information Systems Security Professional (CISSP)

*M&S Consulting proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a protected veteran, or any other characteristic protected by law.