BreakPoint Labs is seeking a SIEM/SOAR Engineer to manage and maintain the CSSP’s Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. This role is responsible for administering an enterprise Elastic cluster while ensuring the performance, availability, and security of these critical systems. The engineer will leverage strong communication, analytical, and problem-solving skills to identify, communicate, and resolve issues, ultimately maximizing the effectiveness and value of CSSP security system investments.
Responsibilities include:
Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk).Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP.Monitor and analyze security events and incidents to protect information assets.Assist in the develop and maintain use cases, rules, and alerts for threat detection and response.Integrate SIEM and SOAR systems with other security tools and data sources.Automate security operations workflows and incident response procedures using SOAR platforms.Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.Implement and manage data ingestion pipelines for security event data.Perform regular updates, patches, and upgrades for SIEM and SOAR systems.Create and maintain documentation for system configurations, processes, and standard operating procedures.Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities.Provide guidance and support to operations analysts on the use of SIEM and SOAR tools.Stay updated with the latest trends, tools, and best practices in SIEM and SOAR technologies.Conduct research and recommend improvements to enhance the effectiveness of the SIEM and SOAR solutions.
Required Experience:
Minimum of 3 years of experience in maintaining an enterprise Elastic cluster.Proficiency in managing and maintaining SIEM and SOAR solutions.Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.Understanding of security event and incident management processes.Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration.Experience with threat detection and response methodologies.Extensive experience with Linux Administration of RHEL Operating Systems.Strong experience with networking protocols, solutions, and methodologies.Excellent troubleshooting and problem-solving skills.Strong documentation skills.Strong communication and interpersonal skills.Ability to work in a team-oriented, collaborative environment.Ability to prioritize and execute tasks in a high-pressure environment.Available for on-call after-hours rotational support as needed.
Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP Auditor compliant
Security Clearance Required: Secret
Education required: Bachelor’s Degree
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.
BreakPoint Labs is seeking a Detection Engineer with an expertise in Elastic to design, develop, and implement detection mechanisms to identify cyber threats within a Cybersecurity Service Provider (CSSP) environment. The candidate will focus on creating and managing IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. The Detection Engineer collaborates with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP’s mission to protect data across a wide spectrum of sources and locations.
Responsibilities include:
Develop, implement, and maintain custom, high-fidelity detection rules and logic in the Elastic Security platform specifically targeting adversary TTPs mapped to the MITRE ATT&CK® framework.Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments.Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment.Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes.Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.Overtime may be required to support detection implementation or incident response actions (Surge).Up to 10% travel may be required.Required Experience:
5+ years of experience working in a CSSP, SOC, or similar environment.2+ years of experience with signature development, detection logic creation and optimization on multiple platforms.Experience in threat detection engineering, threat hunting, or a related role with hands-on experience using the Elastic Stack, Kibana Query Language (KQL), Event Query Language (EQL), Elasticsearch Query Language (ES|QL) and/or Elastic Defend.Experience with threat intelligence platforms and indicator management.Proficient knowledge of detection creation and implementation processes.Expertise in IDS/IPS solutions, including signature development and optimization.Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.Effective verbal and written communication skills.Ability to solve complex problems independently.Preferred certifications: Elastic Certified Analyst; Elastic Certified SIEM Analyst, Elastic Certified Engineer.Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.
Security Clearance Required: DoD Secret Clearance.
Education Required: Bachelor’s Degree Area(s) of Studyof relevant discipline and 5 years of experience. OR, at least 8 years of experience working in a CSSP, SOC, or similar.
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.Valiant Solutions is seeking a highly motivated self-starter to serve in the capacity of a Cybersecurity Analyst within a fast-paced Cybersecurity Services Provider (CSSP) environment.
Position Responsibilities:
Conduct continuous network monitoring and analysis using various defensive cyber tools.Enumerate vulnerable terrain in support of Tier 1 reporting.Provide end customers with vulnerability assessment reports with tailored, prioritized mitigation actions.Track vulnerability management efforts from identification, toExperience:
Experience with Tenable SecurityCenter/Assured Compliance Assessment Solution (ACAS) strongly preferred.Knowledge of network scanning principles and the potential impacts of intrusion detection/prevention systems (IDS/IPS) to scan data accuracy.Knowledge in Evaluator Scoring Metrics (ESM) criteria.Experience working in a fast-paced, metrics-driven, and team-oriented environment.Ability to communicate complex technical and programmatic information, often in the form of verbal and visual operational updates, situation reports, and briefings.Required Certifications: Security+ Continuing Education (CE) [CompTIA] AND Certified Ethical Hacker (CEH) [EC-Council]
Security Clearance Required: A minimum of a Secret with the ability to upgrade to a Top Secret
Education Level Required: Bachelor’s Degree: Area(s) of Study Cybersecurity
Education Level Required: Bachelor’s Degree: Area(s) of Study Cybersecurity
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.BreakPoint Labs seeks a Tier 1 Defensive Cyber Operations (DCO) Analyst to be responsible for the continuous monitoring and initial triage of security events within a Cybersecurity Service Provider (CSSP) environment. Work takes place on four ten-hour shifts (Sunday-Wednesday or Wednesday – Saturday).
Responsibilities include:
Monitor network and host-based systems.Identify and validate suspicious activities.Escalate security incidents as required.Provide support for foundational incident response procedures.Comply with established reporting requirements with accuracy and timelines.Assist in managing incident response by documenting and tracking details.Participate in training to develop familiarity with tools and processes.Support log correlation tasks using tools like Splunk, Elastic, and Sentinel.Assist in program reviews and product evaluations as directedSurge support may be required to support incident response actions.
Required Experience:
3+ years of experience working in CSSP, SOC, or similar environment, OR, Bachelor’s degree in relevant technical field.Must have DoD 8570 IAT Level II and CSSP-specific certifications.Experience with Log Aggregation Tools (e.g., Splunk, Elastic, Sentinel) preferred.Experience with IDS/IPS, host-based, and operating system logging solutions.Knowledge of Incident Response methodologies and procedures strongly preferred.Experience with digital forensics, threat hunting, and/or incident response desired.Familiarity with CJCSM 6510.01B.Analytical ability and strong verbal and written communication skills required.
Certifications Required: DoD 8570 IAT Level II and CSSP-specific certifications, CND.
Clearance Required: DoD Secret
Education Level required: Bachelor’s Degree Area(s) of Study Relevant technical discipline or 3+ years equivalent experience
Step 1 of 5 - Application Info
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.BreakPoint Labs seeks a Tier 1 Defensive Cyber Operations (DCO) Analyst to be responsible for the continuous monitoring and initial triage of security events within a Cybersecurity Service Provider (CSSP) environment. Work takes place on four ten-hour shifts (Sunday-Wednesday or Wednesday – Saturday).
Responsibilities include:
Monitor network and host-based systems.Identify and validate suspicious activities.Escalate security incidents as required.Provide support for foundational incident response procedures.Comply with established reporting requirements with accuracy and timelines.Assist in managing incident response by documenting and tracking details.Participate in training to develop familiarity with tools and processes.Support log correlation tasks using tools like Splunk, Elastic, and Sentinel.Assist in program reviews and product evaluations as directedSurge support may be required to support incident response actions.
Required Experience:
3+ years of experience working in CSSP, SOC, or similar environment, OR, Bachelor’s degree in relevant technical field.Must have DoD 8570 IAT Level II and CSSP-specific certifications.Experience with Log Aggregation Tools (e.g., Splunk, Elastic, Sentinel) preferred.Experience with IDS/IPS, host-based, and operating system logging solutions.Knowledge of Incident Response methodologies and procedures strongly preferred.Experience with digital forensics, threat hunting, and/or incident response desired.Familiarity with CJCSM 6510.01B.Analytical ability and strong verbal and written communication skills required.
Certifications Required: DoD 8570 IAT Level II and CSSP-specific certifications, CND.
Clearance Required: DoD Secret
Education Level required: Bachelor’s Degree Area(s) of Study Relevant technical discipline or 3+ years equivalent experience
Step 1 of 5 - Application Info
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.BreakPoint Labs is seeking a Tier 3 DCO Watch Analyst responsible for leading complex incident response, conducting proactive threat hunting, and enhancing detection capabilities within a Cybersecurity Service Provider (CSSP) environment. The analyst oversees incident analysis, coordinates with internal and external stakeholders, leads purple team exercises, and drives improvements to detection and response capabilities. This position requires advanced expertise, operational leadership, and strict compliance with CJCSM 6510.01B standards.
Required Responsibilities:
Lead incident response efforts, including analysis, mitigation, and reporting of significant incidents per CJCSM 6510.01B.Manage incident response campaigns by developing strategies, coordinating multi-team efforts, and ensuring comprehensive resolution and reporting.Conduct proactive threat hunting to identify advanced threats and network vulnerabilities.Lead purple team exercises in collaboration with red and blue teams to evaluate and enhance detection and response capabilities.Evaluate and refine detection mechanisms, including IDS/IPS signatures and log correlation rules, to improve accuracy and reduce false positives.Perform advanced network and host-based digital forensics on Windows and other operating systems to support investigations.Coordinate with reporting agencies and subscriber sites for comprehensive incident analysis and reporting.Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and applicable directives.Work with a team to provide 24/7 support for incident response, including non-core hours, and mentor junior analysts.Participate in program reviews, product evaluations, and onsite certification assessments.Work four 10-hour shifts (Sunday-Wednesday or Wednesday Saturday); shift placement at management’s discretion.Surge support may be required to support incident response actions.Up to 10% travel may be required, to include OCONUS locations.Required Experience:
5-years experience supporting CSSP or similar SOC technical role.Comprehensive knowledge of CJCSM 6510.01B and incident response procedures.Indepth expertise with IDS/IPS solutions, including signature development and optimization.Extensive experience performing digital forensics across multiple operating systems.Certifications Required: DoD 8570 IAT Level II certification and CSSP/CND certification
required.
Security Clearance Required: DoD Secret
Education Level Required: Bachelor’s Degree in a technical related or managerial discipline, or 7+ years if High School Diploma/GED.
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.BreakPoint Labs is seeking a Tier 3 DCO Watch Analyst responsible for leading complex incident response, conducting proactive threat hunting, and enhancing detection capabilities within a Cybersecurity Service Provider (CSSP) environment. The analyst oversees incident analysis, coordinates with internal and external stakeholders, leads purple team exercises, and drives improvements to detection and response capabilities. This position requires advanced expertise, operational leadership, and strict compliance with CJCSM 6510.01B standards.
Required Responsibilities:
Lead incident response efforts, including analysis, mitigation, and reporting of significant incidents per CJCSM 6510.01B.Manage incident response campaigns by developing strategies, coordinating multi-team efforts, and ensuring comprehensive resolution and reporting.Conduct proactive threat hunting to identify advanced threats and network vulnerabilities.Lead purple team exercises in collaboration with red and blue teams to evaluate and enhance detection and response capabilities.Evaluate and refine detection mechanisms, including IDS/IPS signatures and log correlation rules, to improve accuracy and reduce false positives.Perform advanced network and host-based digital forensics on Windows and other operating systems to support investigations.Coordinate with reporting agencies and subscriber sites for comprehensive incident analysis and reporting.Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and applicable directives.Work with a team to provide 24/7 support for incident response, including non-core hours, and mentor junior analysts.Participate in program reviews, product evaluations, and onsite certification assessments.Work four 10-hour shifts (Sunday-Wednesday or Wednesday Saturday); shift placement at management’s discretion.Surge support may be required to support incident response actions.Up to 10% travel may be required, to include OCONUS locations.Required Experience:
5-years experience supporting CSSP or similar SOC technical role.Comprehensive knowledge of CJCSM 6510.01B and incident response procedures.Indepth expertise with IDS/IPS solutions, including signature development and optimization.Extensive experience performing digital forensics across multiple operating systems.Certifications Required: DoD 8570 IAT Level II certification and CSSP/CND certification
required.
Security Clearance Required: DoD Secret
Education Level Required: Bachelor’s Degree in a technical or managerial related discipline, or 7+ years if High School Diploma/GED.
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.BreakPoint Labs is seeking a Full Stack Developer to support the development and maintenance of both front-end and back-end components of web applications, with a strong emphasis on integrating security throughout the software development lifecycle. In this role, the developer will collaborate with cross-functional teams to implement DevSecOps practices, enhance automation, and promote secure coding standards. The ideal candidate will leverage their foundational knowledge of full-stack development, security principles, and DevSecOps methodologies to help deliver secure, high-quality software solutions.
Responsibilities include:
Develop, test, and maintain web applications utilizing both front-end and back-end technologies.Integrate security into the development pipeline through DevSecOps practices.Collaborate with engineers, sustainment, security tools, and operations teams to bolster automation and security.Write clean, maintainable, and efficient code in adherence to best practices and coding standards.Build and sustain CI/CD pipelines for automating build, test, and deployment procedures.Implement and oversee security controls and monitoring systems.Address and resolve issues across development, testing, and production settings.Engage in Agile/Scrum activities, including daily stand-ups, sprint planning, and retrospectives.Document technical processes and security protocols.Work effectively in a team-based, collaborative setting.
Required Experience:
A minimum of 3 years of experience in full-stack development, emphasizing DevSecOps practices.Proficiency in front-end technologies such as HTML, CSS, JavaScript, and frameworks (e.g., React, Angular).Proficiency in back-end technologies such as Node.js, Python, Ruby, Java, or .NET.Experience with databases (SQL and NoSQL) and AWS RDSStrong understanding of DevSecOps practices and tools (e.g., Docker, Kubernetes, Git).Experience with CI/CD pipelines and automation tools.Knowledge of secure coding practices and security frameworks (e.g., OWASP).Excellent problem-solving and analytical skills.Strong communication and collaboration skills.Ability to work in a fast-paced, Agile environment.Working knowledge and experience using APIs.Experience working in cloud platforms (specifically with AWS and Azure).Experience with the Atlassian tool suite.Knowledge of infrastructure-as-code (IaC) tools (e.g., Terraform, Ansible).Experience with container security pipeline development
Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP Auditor compliant certifications
Security Clearance Required: Secret
Education Required: Bachelor’s Degree; Area(s) of Study should be in Computer Science, Information Technology, or a related field, or possess equivalent professional experience.
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.BreakPoint Labs is seeking a Detection Engineer to be responsible for the design, development, and implementation of advanced detection capabilities within a Cybersecurity Service Provider (CSSP) environment. The candidate will focus on creating and managing IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. The Detection Engineer collaborates with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP’s mission to protect data across a wide spectrum of sources and
locations.
Responsibilities include:
Acting as the primary SME for cloud log sources, designing efficient detections across multi-cloud environments (Gov. Cloud, AWS, Azure, GCP, etc).Designing and implementing detection logic (KQL, EQL, and/or SPL) tailored to cloud-native threats and cloud infrastructure (e.g., containers like Kubernetes, Docker, etc.).Analyzing threat intelligence to create and refine detection mechanisms tailored to the customer’s environment.Validating and testing detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.Collaboration with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.Maintaining and updating detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.Compiling and maintaining standard operating procedure (SOP) documentation for detection creation and implementation processes.Performing log analysis of Splunk and Elastic to support detection development and validation. Coordinating with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.Participation in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.Overtime may be required to support detection implementation or incident response actions (Surge).Up to 10% travel may be requiredRequired Experience:
5+ years of experience working in a CSSP, SOC, or similar environment.2+ years of experience with signature development, detection logic creation, and optimization on multiple platforms.Technical expertise in major cloud provider security models, services, and logs (Gov. Cloud, AWS, Azure, GCP, etc.).Experience working with and developing signatures for Splunk and Elastic.Experience with threat intelligence platforms and indicator management.Proficient knowledge of detection creation and implementation processes.Expertise in IDS/IPS solutions, including signature development and optimization.Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.Effective verbal and written communication skills.Ability to solve complex problems independently.Preferred certifications: AWS Certified Security, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or equivalent SANS GIAC certifications.Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.
Security Clearance Required: DoD Secret.
Education Required: Bachelor’s Degree in the Area(s) of relevant discipline and 5 year's experience. OR, at least 8 years of experience working in a CSSP, SOC, or similar environment.
Company DescriptionBreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency. We are known for developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, we are able to support a diverse customer base in addressing its most challenging problems in cyberspace.