Remote Senior Security Content Engineer

This job is closed

This job post is closed and the position is probably filled. Please do not apply. Automatically closed by a robot after apply link was detected as broken.

Description:

  • A Senior Security Content Engineer is needed to assist global customers in managing their deployments and Azure cloud security solutions.
  • The role involves deriving security insights through generating detection logic, automation, and visualizations.
  • Responsibilities include ideating and creating client-facing detections to surface security and IT operations concerns.
  • The engineer will collaborate with clients to design and implement visualizations that assist with understanding security posture, interesting events, and operations metrics.
  • Testing and tuning detection logic to minimize false positives, alert duplication, and whitelisting is required.
  • The engineer will identify opportunities for client-specific needs to become base content, including rules, automations, and dashboards.
  • Identifying opportunities for log content reduction and removal of irrelevant events is also part of the job.
  • Delivering functional value from research in the form of queries, signatures, rules, and contextual information is expected.
  • The role includes the advancement of security policies, procedures, and automation.
  • Serving as the technical escalation point and communicating with customer IT teams to inform them of issues, help them remediate, and ensure business continuity is essential.
  • Signature writing and algorithm creation, along with analyzing event logs to recognize signs of cyber intrusions/attacks, are key tasks.
  • The engineer will use Microsoft Azure Sentinel, Defender ATP, O365 ATP, and other Microsoft security suites.
  • Developing, automating, and orchestrating tasks with logic apps based on certain events is required.
  • Configuring Sentinel Incidents, Workbooks, Hunt queries, and Notebooks is part of the responsibilities.
  • Advising on Microsoft Cloud Security capabilities across the Azure platform is expected.
  • Proficiency in Kusto Query Language and scripting languages (Python, PowerShell, Bash, and others) is necessary.
  • Digital forensic analysis (host, network, other) will be performed using knowledge of network protocols and devices.
  • Tools such as Wireshark, tcpdump, Security Onion, and Splunk will be utilized.
  • The engineer will work with SIEM, Packet Analysis, SSL Decryption, Malware Detection, HIDS/NIDS, Network Monitoring Tools, Case Management System, Knowledge Base, Web Security Gateway, Email Security, Data Loss Prevention, Anti-Virus, Network Access Control, Encryption, and Vulnerability Identification.
  • Knowledge of intrusion analysis, digital forensics, penetration testing, and detection engineering is required.
  • The role involves using .NET programming, Jupyter notebooks, and scripting/development using web APIs.
  • There is an option to telecommute.

Requirements:

  • A Bachelor’s degree in Computer Science plus two years of experience in the job offered or a similar occupation is required.
  • Alternatively, a high school degree plus four years of experience in the job offered or a similar occupation is acceptable.
  • Candidates must have experience with Microsoft Azure security solutions and related tools.
  • Proficiency in Kusto Query Language and scripting languages such as Python, PowerShell, and Bash is necessary.
  • Knowledge of digital forensics, intrusion analysis, and penetration testing is required.
  • Familiarity with various security tools and technologies, including SIEM, packet analysis, and malware detection, is essential.
  • Strong communication skills are needed to interact with customer IT teams effectively.

Benefits:

  • The position offers a competitive salary of $125,500.
  • There is an option for telecommuting, providing flexibility in work location.
  • Employees will have the opportunity to work with cutting-edge security technologies and solutions.
  • The role allows for professional growth and advancement in the field of cybersecurity.

Salary: $125,500 - 125,500 USD / year