Security Content Engineer


BlueVoyant

πŸ“Remote - Worldwide

Summary

Join BlueVoyant as a Security Content Engineer – Splunk and contribute to the success of our global customers by managing their Splunk cloud security solutions. You will be part of a fast-paced team focused on generating detection logic, automation, and visualizations to provide security insights. This fully remote position requires collaboration with clients to design and implement visualizations, test and tune detection logic, and identify opportunities for content improvement. You will also serve as a technical expert, mentor junior engineers, and communicate with customer IT teams. US Citizenship is required.

Requirements

  • Excellent teamwork skills
  • Previous signature writing / algorithm creation experience
  • Ability to analyze event logs and recognize signs of cyber intrusions/attacks
  • Hands-on experience with Microsoft Azure Sentinel, the Microsoft Threat Protection suite of security solutions (Defender ATP, Azure ATP, Office 365 ATP, Microsoft Cloud App Security), Azure Active Directory, Azure Security Center, Azure Log Analytics, and the M365 suite of solutions
  • Hands-on experience developing, automating, and orchestrating tasks (playbooks) with Azure Logic Apps, triggered by specific events such as Sentinel incidents or alerts
  • Hands-on experience configuring Sentinel incidents, workbooks, hunting queries, and notebooks
  • Ability to advise customers on the Microsoft Cloud Security capabilities across the Azure platform
  • Proficiency in Kusto Query Language (KQL)
  • Strong experience with scripting languages (Python, PowerShell, others)
  • Strong experience with digital forensic analysis (host, network, other) and blue team operations
  • Strong knowledge and understanding of network protocols and devices
  • Ability to work directly with customers to understand requirements for and feedback on security services
  • Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
  • Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
  • Skilled in the creation of signatures for security tools
  • Familiarity with tools such as Wireshark, tcpdump, Security Onion, and Splunk
  • Strong knowledge of the following:
      • SIEM
      • Packet analysis
      • SSL/TLS decryption
      • Malware detection
      • HIDS/NIDS
      • Network monitoring tools
      • Case management systems
      • Knowledge bases
      • Web security gateways
      • Email security
      • Data loss prevention (DLP)
      • Anti-virus
      • Network access control (NAC)
      • Encryption
      • Vulnerability identification
  • Minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field or equivalent experience
  • US Citizenship Required

Responsibilities

  • Ideate and create client-facing detections to surface security and IT operations concerns
  • Collaborate with clients to design and implement visualizations to assist clients with understanding security posture, interesting events, and operations metrics
  • Assist clients with testing and tuning detection logic to minimize false positives and duplicate alerts, and to maintain allow-lists (exceptions) for known-benign activity
  • Identify client-specific content (rules, automations, and dashboards) that should be promoted to base content for all MSS customers
  • Assist integration teams in identifying opportunities to reduce log content and remove irrelevant events
  • Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information (knowledge base articles)
  • Serve as a technical SOC subject-matter expert (SME), both customer-facing and in support of sales and marketing
  • Conduct supplemental in-depth research into exploits and vulnerabilities that are likely to affect BlueVoyant customer environments
  • Assist in the advancement of security policies, procedures, and automation
  • Serve as the technical escalation point and mentor for junior detection engineers and Sentinel support staff
  • Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
  • Assist with advancing security standard operating procedures and incident response reporting

Preferred Qualifications

  • Experience in intrusion analysis, digital forensics, penetration testing, detection engineering or related areas
  • 7+ years of experience in information technology or information security, 4 of which were spent dealing directly with SIEM solutions and detection content creation
  • Microsoft 365 Certified: Security Administrator Associate and GCFA, GCFE, or OSCP preferred
  • Familiarity with Azure, .NET programming, Jupyter notebooks, and scripting / development using web APIs
