Company: Progilisys Solutions

Address: Scottsdale, AZ
Form of work: Full-Time
Category: Information Technology

Job description


Direct Hire | Full Remote | Must be authorized to work in the U.S. without sponsorship

The Senior Security Engineer plays a pivotal role in enhancing and delivering cutting-edge cybersecurity solutions to our clients. 

Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms are dynamic systems that necessitate ongoing tuning and administration. This continuous refinement is crucial to ensure they remain highly effective against the constantly evolving landscape of cyber threats. This position requires a deep understanding of security event analysis, SIEM technology, and content development to ensure effective security monitoring and threat detection for our clients.

Duties and Responsibilities

Includes the following:

SIEM/SOAR Content Development:

• Develop, refine, and maintain SIEM and SOAR content, including rules, correlation searches, alerts, dashboards, and reports.
• Analyze and interpret complex datasets to create meaningful security insights.
• Continuously update SIEM content to reflect evolving threats and security trends.
• Integrate new data sources and tune them to work with existing use cases and alerting.
• Develop and implement best practices for SIEM and SOAR content management and development.
• Work closely with clients to understand their security needs and tailor SIEM content accordingly.
• Provide expert advice and recommendations on SIEM best practices and configurations.
• Serve as a subject matter expert in SIEM technologies and content development.
• Stay abreast of the latest cybersecurity technologies and practices.

Threat Analysis and Monitoring:

• Proactively identify and analyze emerging threats and adjust alerts and correlation searches accordingly.
• Collaborate with the incident response team for threat detection and analysis.
• Collaborate with SOC Analysts to tune alerts and create custom monitoring.
• Optimize SIEM for efficient threat monitoring and alerting.
• Guide and mentor junior team members in SIEM content creation and threat analysis.
• Participate in resolving Tier 3 escalations received from the SOC.
• May perform other duties as assigned.

Required Skills/Experience

• B.S. Degree in Cybersecurity, Computer Science or equivalent experience.
• 5+ years delivering information security infrastructure support and related services.
• At least 5 years of experience in SIEM content development and threat analysis in an MSSP or similar environment.
• Consulting or managed services provider experience.
• Working knowledge of web application firewalls, load balancers and proxies.
• Demonstrated experience in computer security combined with risk analysis, audit, and compliance.
• Expert knowledge of TCP/IP, common protocols, and standards.
• Experience with security scanning tools.
• Certifications: Relevant certifications (e.g., CISSP, CISA, GCIH, GCIA).

Qualifications

• In-depth knowledge of various SIEM platforms, scripting languages (e.g., Python, SPL, KQL), and understanding of network security and threat intelligence.
• Familiarity with the information security requirements of compliance audits.
• Hands-on experience with Splunk, Elasticsearch, and ServiceNow.
• Python programming experience.
• Experience working with APIs, webhooks, and custom queries to ingest data.

Company Description
Progilisys Solutions, LLC specializes in assessing systems, architectures and application management requirements for highly diversified computing environments, both designing and deploying solutions to meet our customers' strategic business requirements. As an independent solution provider, we address the relationships between technology, people and process, and in turn recommend the optimum combination of each to help meet our customers' business and technology objectives.
Refer code: 7212956. Progilisys Solutions - The previous day - 2023-12-17 21:29
