Role: Security Architect - Consultant (Detection Engineer)
Location: Remote
Interview Process: 1 round, Virtual/Online - potential for a 2nd round onsite as needed
Duration of the Contract: 12 months
Possibility for Extension: Yes
Work Location: Fully Remote
Candidate Location: No SC residency required. Open to nationwide candidates.
W2 Contract
IMPORTANT INFORMATION: This position requires the candidate to be engaged exclusively on Maxpath Technologies’ W2 payroll. Engagements via 1099 or third-party/sub-vendor or Corp-to-Corp arrangements are not accepted.
DAILY DUTIES / RESPONSIBILITIES:
PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).
• REVIEW AND TUNE CURRENT DETECTION RULES WITHIN THE STATE SIEM.
• PERFORM GAP ANALYSIS OF THE CURRENT DETECTION COVERAGE.
• DEVELOP DETECTION RULES/SOLUTIONS TO COVER FOUND GAPS.
• MONITOR THREAT INTELLIGENCE SOURCES FOR NEW USE CASES.
• WORK WITH STATE SOC ANALYSTS TO CREATE AND TUNE RULES.
• WORK WITH THE STATE THREAT HUNTER TO IDENTIFY AND REMEDIATE DETECTION COVERAGE GAPS.
• DOCUMENT PROCESSES, RUNBOOKS, AND TROUBLESHOOTING STEPS RELATED TO THE SOAR AND INTEGRATIONS.
• COORDINATE WITH ENGINEERING, SOC, AND AGENCY STAFF AS NEEDED TO MEET GOALS.
• OTHER DUTIES AS NEEDED.
ADDITIONAL SKILLS AND DUTIES:
• PROVEN EXPERIENCE WITH DETECTION TUNING/DEVELOPMENT.
• EXPERIENCE WITH DASHBOARD CREATION AND REPORTING.
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
• EXPERIENCE WITH THE PALO ALTO CORTEX XSIAM PLATFORM.
• DEEP UNDERSTANDING OF WINDOWS/LINUX ARTIFACTS.
• EXCELLENT COMMUNICATION AND CUSTOMER SERVICE SKILLS FOR AGENCY-FACING ENGAGEMENT.
• EXPERIENCE IN WORKING IN A MULTI-TENANCY ENVIRONMENT.
• EXPERIENCE IN MULTI-AGENCY OR ENTERPRISE SERVICE PROJECTS.
REQUIRED EDUCATION/CERTIFICATIONS:
• BACHELOR'S DEGREE IN AN INFORMATION TECHNOLOGY OR INFORMATION SECURITY RELATED FIELD
• EIGHT YEARS OF RELEVANT WORK EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
• FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS
• 5+ YEARS OF STRONG SCRIPTING AND AUTOMATION SKILLS (PYTHON, BASH, POWERSHELL, OR SIMILAR).
• UNDERSTANDING OF SIGMA, YARA, AND OTHER INDUSTRY STANDARD DETECTION LANGUAGES.
• FAMILIARITY WITH MITRE ATT&CK FRAMEWORK
PREFERRED EDUCATION/CERTIFICATIONS:
• CISSP, CISA, CISO OR EQUIVALENT ADVANCED SECURITY CERTIFICATION.
• ADDITIONAL RELEVANT CERTIFICATIONS (E.G., CEH, OSCP, GPEN).
• VENDOR CERTIFICATIONS IN DETECTION ENGINEERING.
• Resource is local to Columbia, South Carolina or a surrounding city in South Carolina