View all jobs
Network Security Engineer 0057
San Antonio, TX
Network Security Analyst - Solicitation# 37100057
Texas Cyber Command (TXCC)
Candidate must be a U.S. citizen, pass required background checks, complete required cybersecurity, privacy, and operational training before gaining system access, and comply with TXCC security and data-handling requirements. Occasional after-hours support may be required with TXCC approval. Work must be performed from within the United States unless TXCC grants prior written approval.
The working position is Hybrid - On Site and Telework.
I need Three References
Peer Co-Worker Supervisor
Customer End-User Subordinate
Peer Co-Worker Supervisor
Customer End-User Subordinate
Peer Co-Worker Supervisor
Customer End-User Subordinate
Network Security Analyst - Solicitation# 37100057
Texas Cyber Command (TXCC)
- Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
- Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
- Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
- Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
- Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
- Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
- Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
- Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
- Support SOC operations by providing detection engineering, log onboarding, and data normalization.
- Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
- Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
- Produce engineering reports, tuning documentation, and platform health assessments.
- Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
- Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps
Candidate must be a U.S. citizen, pass required background checks, complete required cybersecurity, privacy, and operational training before gaining system access, and comply with TXCC security and data-handling requirements. Occasional after-hours support may be required with TXCC approval. Work must be performed from within the United States unless TXCC grants prior written approval.
The working position is Hybrid - On Site and Telework.
| Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. | |||
| Actual Years Experience |
Years Experience Needed |
Required/ Preferred |
Skills/Experience |
| 5 | Required | SOC operations experience | |
| 5 | Required | Hands‑on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false‑positive reduction, and threat‑driven detection improvements. | |
| 5 | Required | Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement. | |
| 5 | Required | Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows. | |
| 5 | Required | Threat intelligence application expertise | |
| 5 | Required | Develop detection logic aligned with adversary TTPs | |
| 6 | Preferred | Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic. | |
| 5 | Preferred | Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic. | |
| 5 | Preferred | Perform packet-level analysis to validate alerts and identify malicious activity | |
| 5 | Preferred | Serves as an escalation SOC analysts to support other SOC analyst and incident responders with enriched network-level intelligence | |
| 5 | Preferred | Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation | |
| 4 | Preferred | Security Certifications Preferred (CISSP, CEH, GISF, GSEC, CySA+, Sec+) | |
I need Three References
| Reference Name (Required): | |
| Title (Optional) | |
| Company Name (Required): | |
| Phone Number (Required include area code): | |
| E-mail address (Optional): | |
| Professional Relationship (Optional): |
Peer Co-Worker Supervisor
Customer End-User Subordinate
| Reference Name (Required): | |
| Title (Optional) | |
| Company Name (Required): | |
| Phone Number (Required include area code): | |
| E-mail address (Optional): | |
| Professional Relationship (Optional): |
Peer Co-Worker Supervisor
Customer End-User Subordinate
| Reference Name (Required): | |
| Title (Optional) | |
| Company Name (Required): | |
| Phone Number (Required include area code): | |
| E-mail address (Optional): | |
| Professional Relationship (Optional): |
Peer Co-Worker Supervisor
Customer End-User Subordinate