Phone/Skype Hire. Remote
Location: Remote
Duration: 12+ months
Responsibilities
- Review and tune the current detection rules within the State SIEM.
- Perform a gap analysis of the current detection coverage.
- Develop detection rules and solutions to close the gaps found.
- Monitor threat intelligence sources for new detection use cases.
- Work with analysts to create and tune rules.
- Work with the State Threat Hunter to identify and remediate detection coverage gaps.
- Document processes, runbooks, and troubleshooting steps related to the SOAR and its integrations.
- Coordinate with engineering and agency staff as needed to meet goals.
Skills Needed
- Five years of experience supporting large IT environments and/or system deployments.
- 5+ years of strong scripting and automation experience (Python, Bash, PowerShell, or similar).
- Understanding of Sigma, YARA, and other industry-standard detection languages.
- Familiarity with the MITRE ATT&CK framework.
- CISSP, CISA, CISO, or equivalent advanced security certification.
- Additional relevant certifications (e.g., CEH, OSCP, GPEN).
- Vendor certifications in detection engineering.
- Proven experience with detection tuning and development.
- Experience with dashboard creation and reporting.
- Excellent communication and customer service skills for agency-facing engagement.
- Experience working in a multi-tenant environment.
- Experience with multi-agency or enterprise service projects.
- Experience with the Palo Alto Cortex XSIAM platform.
- Deep understanding of Windows and Linux forensic artifacts.
Required Education/Certifications:
- Bachelor's degree in an information technology or information security-related field.
- Eight years of relevant work experience may be substituted for the degree.