NG-SIEM Threat Detection Engineer

New Era Technology
Summary
Join New Era Technology as a Senior Security Engineer to support a large information security program. You will leverage your expertise in CrowdStrike NG-SIEM to design, implement, and maintain threat detection capabilities across various IT environments. This role demands strong engineering skills, experience with log ingestion, and the ability to develop and test detection rules. You will collaborate with cross-functional teams, automate processes using IaC tools, and ensure the ongoing operation and maintenance of the NG-SIEM system. The ideal candidate possesses extensive experience with CrowdStrike NG-SIEM, cloud security, and various security tools. This position offers the opportunity to work in a supportive, growth-oriented environment with a team-oriented culture that prioritizes personal and professional development.
Requirements
- 2-5+ years of cyber and information security and cloud security engineering experience
- 2-5+ years of hands-on experience with full-lifecycle detection engineering in support of a security operations team
- 2-5+ years of CrowdStrike NG-SIEM implementation and maintenance experience
- Expertise in CrowdStrike CSPM, Kubernetes, Application Security Posture Management (ASPM) and EDR/CDR/MDR integration, including deployment of Falcon agents and policy management on cloud service provider platforms
- Azure Sentinel connector implementation, consolidation and maintenance skills required
- Ability to integrate data source metrics into consolidated dashboards and reports
- Must be able to identify applicable best practices, standards and document the implementation
- Comfortable operating in CrowdStrike NG-SIEM or other common SIEM and SOAR solutions
- Technical depth in one or more of the following specialties: application security, cloud security, digital forensics, malware analysis, threat hunting, incident response or some combination thereof
- Familiarity with SQL, relational databases, and data warehousing
- Basic Python (or other scripting language) experience to automate tasks within case management and CI/CD environments
- Experience with defining, collecting, and analyzing metrics that demonstrate the purpose and success of a maturing Detection Engineering program (e.g., MITRE ATT&CK coverage)
- Demonstrated knowledge of threat actor techniques, vulnerabilities, and exploits, and how those present themselves within logs and various endpoint/network artifacts
- Requires metric reporting and automation skills as well as procedures for continued operation/maintenance
- Subject matter expert in Sentinel connectivity, log integration, metrics development and automation of reporting and dashboards
- Must be able to create and maintain documentation on the implementation and operational/maintenance processes
- Skilled in extracting configuration compliance metrics and automation of reporting and dashboards
- Ability to explain and write technical details to a non-technical audience and vice versa
- Ability to work autonomously and under pressure
- Ability to influence others and demonstrate leadership
- Excellent attention to detail
- Strong organizational skills
- Excellent analytical skills
- Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint
- Collaborative team worker, both in person and virtually using MS Teams or similar
- Ability to work as liaison between business and information security / information technology
- Flexibility to accommodate working across different time zones
- Excellent interpersonal communication skills with strong spoken and written English
- Business outcomes mindset
- Solid balance of strategic thinking with detail orientation
- Self-starter, ability to take initiative
Responsibilities
- Take solution architecture control designs and create system engineering diagrams for deployment to the cloud NG-SIEM platform, supporting log integrations for Endpoints (CrowdStrike Falcon), IAM (AD, Entra ID, Okta, Ping, Windows Event Logs, etc.), Network and Web Security (firewalls [cloud and on-premise], Zero Trust Network Access (ZTNA, e.g., Zscaler)), Email Security (e.g., MS Exchange, Mimecast, Abnormal Security, Proofpoint, etc.), and Productivity tools (e.g., AWS, GCP, O365, etc.)
- Define implementation configurations for deployment to NG-SIEM
- Develop change control, implementation and backout plans
- Automate via Infrastructure as Code (IaC) tools, and implement threat detection engineering pipelines and SOAR for the NG-SIEM covering development, testing, migration to production with change control, and post-production fine tuning
- Assist with implementation of metrics reporting and automation as well as documenting procedures for continued operation/maintenance
- Assist with integrations into the NG-SIEM tool
Preferred Qualifications
- Cybersecurity certifications such as CISSP or CISM are a plus
- Experience working at a company with a global footprint and a large enterprise environment