Senior Security Content Engineer

Summary

Join BlueVoyant as a Senior Security Content Engineer in New York, NY! Assist global customers in managing Azure cloud security solutions. You will derive security insights, create client-facing detections, and collaborate on visualizations. Responsibilities include testing detection logic, identifying opportunities for content improvement, and delivering functional value through research. You will serve as a technical escalation point and communicate with customer IT teams. This role requires expertise in various security tools and technologies, including Azure Sentinel and Kusto Query Language.

Requirements

Bachelor’s degree in Computer Science plus two years of experience in the job offered or a similar occupation or a HS degree plus four years of experience in the job offered or a similar occupation

Responsibilities

• Assist our global customers manage their deployments and Azure cloud security solutions
• Derive security insights through generating detection logic, automation and visualizations
• Ideate and create client-facing detections to surface security and IT operations concerns
• Collaborate with clients to design and implement visualizations to assist with understanding security posture, interesting events, and operations metrics
• Test and tune detection logic to minimize false positives, alert duplication, and whitelisting
• Identify opportunities for client-specific needs to become base content, including rules, automations, and dashboards
• Identify opportunities for log content reduction and removal irrelevant events
• Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information
• Advancement of security policies, procedures, and automation
• Serve as the technical escalation point
• Communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
• Signature writing /algorithm creation. Analyze event logs and recognize signs of cyber intrusions/attacks
• Use Microsoft Azure Sentinel, Defender ATP, O365 ATP, and other Microsoft security suites
• Develop, automate, and orchestrate tasks with logic apps based on certain events
• Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks
• Advise on the Microsoft Cloud Security capabilities across the Azure platform
• Use Kusto Query Language and scripting languages (Python, PowerShell, BASH and others)
• Digital forensic analysis (host, network, other). Use knowledge of network protocols and devices
• Use Wireshark, TCP Dump, Security Onion, and Splunk
• Use SIEM, Packet Analysis, SSL Decryption, Malware Detection, HIDS/NIDS, Network Monitoring Tools, Case Management System, Knowledge Base, Web Security Gateway, Email Security, Data Loss Prevention, Anti-Virus, Network Access Control, Encryption, Vulnerability Identification
• Use knowledge of intrusion analysis, digital forensics, penetration testing, detection engineering
• Use .Net programming, jupyter notebooks, and scripting/ development using web APIs

Benefits

Option to Telecommute