Remote Security Content Engineer – Splunk

Description:

• BlueVoyant is seeking a Security Operations Center Security Content Engineer to assist global customers with their Splunk cloud security solutions.
• The role involves generating detection logic, automation, and visualizations to help clients derive security insights.
• Responsibilities include creating client-facing detections, collaborating with clients on visualizations, testing and tuning detection logic, and identifying opportunities for client-specific needs.
• The engineer will deliver functional value through research, serve as a Technical SOC SME, conduct in-depth research on exploits and vulnerabilities, and assist in advancing security policies and procedures.
• The position requires regular communication with customer IT teams to address issues and ensure business continuity.
• The role also involves mentoring junior detection engineers and supporting incident response reporting.

Requirements:

• Candidates must possess excellent teamwork skills and previous experience in signature writing or algorithm creation.
• A strong ability to analyze event logs for signs of cyber intrusions or attacks is essential.
• Hands-on experience with Microsoft Azure Sentinel, Defender ATP, O365 ATP, and other Microsoft security suites is required.
• Candidates should have experience in developing, automating, and orchestrating tasks with logic apps, configuring Sentinel incidents, and advising customers on Microsoft Cloud Security capabilities.
• Proficiency in Kusto Query Language (KQL) and strong scripting skills in languages such as Python and PowerShell are necessary.
• A solid background in digital forensic analysis and blue team operations is required, along with knowledge of network protocols and devices.
• Advanced written and verbal communication skills are essential for presenting complex technical topics clearly.
• Familiarity with tools like Wireshark, TCP Dump, Security Onion, and Splunk is expected.
• Knowledge of various security concepts, including SIEM, malware detection, and data loss prevention, is required.

Benefits:

• BlueVoyant offers a fully remote work environment for this position.
• The company provides equal employment opportunities and complies with applicable laws governing non-discrimination.
• Employees are required to be authorized to work in the United States, and U.S. citizenship is necessary for certain federal contracts.
• The company emphasizes a culture of teamwork and collaboration, supported by a highly skilled team with extensive experience in cybersecurity.