Threat Content Developer
Vacancy expired!
JOB TITLE: Threat Content Developer
LOCATION: Phoenix, AZ
Role Summary: Candidates should have ample exposure to network security principles, threat detection practices, and rule writing (KQL preferred), along with first-hand experience working in a security operations center or security engineering environment. Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a rapidly paced workplace.
Essential Duties and Responsibilities:
- Proactively threat hunt and identify misconfigurations within a SIEM solution. Additionally, be able to provide strategic recommendations and assist in guiding the customer to resolution.
- Threat research and rule writing for various SIEM platforms.
- Identify gaps in log collection, signatures, and indicator of compromise (IOC) visibility, then work with the customer success team and engineering to improve detection capabilities.
- Identify advanced malicious activity that has evaded traditional security monitoring capability.
- Assist customers with requests to help integrate the SIEM into their environment and workflows.
- 2-3 years of direct involvement with security operations, security engineering, threat analysis, incident response, and/or threat detection.
- Prior consulting or advisory experience preferred.
- General knowledge of SIEM functionality and usage.
- Knowledge of endpoint detection and configuration of alerts.
- Strong understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall).
- First-hand security operations center (SOC) experience performing analyst/security engineer duties.
- Deep understanding of how malicious traffic appears over the network.
- Rule and/or query writing experience in at least one SIEM; KQL with Sentinel preferred.
- Must have strong threat detection knowledge and intuition.
- Should understand content testing, implementation, and revision cycle.
- Must understand how to gather threat intelligence and identify IoCs for use in detection mechanisms at both the host and network level.
- Candidates should also have exposure to a wide variety of network and host logging formats (EDR/EPP, syslog, CEF, Windows Event Logs, Sysmon, firewall, DNS, Office 365, etc.).
- Prior experience and knowledge with threat intelligence, managing a threat intelligence platform (TIP), and/or managing/monitoring honeypot infrastructure is a plus.
- GIAC 400/500-level certifications (or industry equivalent) recommended.