Job Details
SIEM and Detection Engineer

Job Summary: Talent Software Services is in search of a SIEM and Detection Engineer for a contract position in Tyler, TX. The opportunity will be three months with a strong chance for a long-term extension.

Position Summary: The role reports directly to the lead of Security Operations and is part of the office of the CISO. This position is accountable for the architecture, engineering, and automation of in-house security platforms, including the Microsoft Sentinel SIEM and associated SOAR tooling. The ideal candidate will have deep technical expertise in the Microsoft security stack and demonstrated excellence in the development of security automation across domains such as alert triage, response, and other security processes like patch and vulnerability management. This role involves extensive collaboration with various IT teams to define appropriate log ingestion, data enrichment, alerting, and response actions via the SIEM/SOAR platform. Additionally, the role supports the Security Operations Center (SOC) for advanced SIEM queries and analytic alerts.

Primary Responsibilities/Accountabilities:
- Identify and deploy new detections or automations within the NorthMark Strategies SIEM / SOAR platform
- Drive creation and implementation of SIEM content (e.g., rules, alerts, dashboards, etc.)
- Ensure better analytics via SIEM by improving the signal-to-noise ratio in SIEM content, conducting regular assessments, and tuning Sentinel configurations to reduce false positives and enhance detection capabilities
- Design and implement automation for alert enrichment, common detections closure, and response actions
- Benchmark existing detections and develop a roadmap for expansion of coverage
- Continuously test SIEM / SOAR platform to identify and remediate gaps in detection and prevention coverage
- Integrate with the external SOC provider to optimize the partnership and improve detection and response capabilities
- Consolidate data sources across many Microsoft tenants, systems, and companies into a single source for consolidation of Security Operations procedures
- Partner with various IT organizations to design and implement security monitoring across all core business applications
- Maintain all Security Operations tooling to ensure high availability of all log sources
- Partner with Security Analysts to enhance Security Operations procedures as well as incident response
- Consolidate and automate Security Operations Metrics from various sources
- Automate Incident Response processes and workflows
- Develop and adhere to SIEM Engineering change control procedures and processes
- Manage DLP tools and technologies, ensuring they are configured correctly and functioning optimally
- Provide training and support to team members on SIEM functionalities
Qualifications:
- Specialized SIEM / Detection engineering skillset
- Experience in Sentinel / Defender is a plus, but open to detection engineering and automation experience across all SIEM platforms (Splunk, Elastic, etc.)
If this job is a match for your background, we would be honored to receive your application!
Providing consulting opportunities to TALENTed people since 1987, we offer a host of opportunities including contract, contract to hire and permanent placement. Let's talk!