Job Openings

Job Details

Tracking Code JBSA-20-1913-W
Job Code 20-1913
Posting Title Cyber Security Analyst - Signature Writer
Post Date 1/22/2021
Full Time / Part-Time Full Time
Travel Up to 25%
City San Antonio
State TX
Country US

Bowhead seeks a Cyber Security Analyst - Signature Writer to support the AFCERT DCO HAC contract in San Antonio, TX.
The Host Signature Writer manages all host computer security signature sets at the Tier 1 AFIN level for all enterprise Air Force workstations and servers. The signature team evaluates and reviews DISA, McAfee and custom AFCERT signatures for NIPR and SIPR network computer systems before releasing them as polices to the Master Repositories for the Network Operations Squadrons (NOS). The team will release new or modified host signatures as directed from Cyber Task Orders. Additionally, the team continuously reviews and evaluates incident logs, false positive signatures, and various Intel computer incident reports.

The candidate will Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.

• Develop and document IPS/IDS SOPs.
• Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
• Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
• Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.
• Automate tasks using a common programming or scripting language.
• Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
• Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems.
• Migrate, tune, and document existing and future AF signatures / detections to new tools and systems as they become available.
• Automate processes and procedures using scripts and SQL / database administration

Bowhead seeks to network with qualified individuals relative to a potential opportunity, which is contingent upon award and not currently funded. Please click the link at the bottom of this posting to apply for consideration. Incumbent employees are encouraged to respond. No solicitations or third party applications will be accepted.
Requirements • BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree preferred
• Demonstrates experience in implementing behavior‐based (heuristic and anomaly‐based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA’s Joint Regional Security Stacks (JRSS)
• Proficient in Python and PowerShell
• 3+ years network traffic analysis experience.
• 3+ years experience using Regular Expressions, YARA, and Snort‐equivalent to create custom IPS/IDS signatures.
• Extensive knowledge of MITRE ATT&CK framework

Certification Requirements:
• IAT Level III CND compliance.
• The minimum acceptable primary OS Certification Level for this position is GCFA or GCFE.

SECURITY CLEARANCE REQUIRED: Must currently hold a security clearance at the Top Secret/SCI level. US Citizenship is a requirement for Top Secret clearance at this location.

Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC’s Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant’s resume/application may be subject to verification.

Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.

UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act.

All candidates must apply online at, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (

UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting.

Link to Apply:*B21FA130273D84D8

  • UIC and its Family of Companies is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V.
  • Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
  • The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
  • Apply Online
    Send This Job to a Friend