Security Content Developer
150 Cambridgepark Drive, Suite 702
Cambridge, MA 02140


The Security Content Developer is a practitioner-focused hybrid of the following roles: security practitioner/analyst, product integrator, engineer, and problem solver.

We apply practitioner and engineering experience to Devo Security products and services, for customers and partners, and in the worldwide security community.


Job of the Devo Security Content Engineer:

• Expand the detections, observations, indicators and workflow of the product

• Increase the product's enrichment capabilities

• Develop microservice capabilities for our services model

• Apply security subject matter expertise to product context and enrichment, to customers (via hunting) and to partners:

  ◦ UI/UX workflow

  ◦ ML feature extraction

  ◦ detections, searches, enrichments, alerting and reporting

  ◦ product security expertise [SSDLC/security assessment]

• Conduct industry-leading security research to help the community

• Speak at conferences and present research


Bring security expertise to productize Devo’s Security Platform

1) Data observations moved through the workbench to threat response

2) Feature engineering (SME on features for modeling)

3) Adding context and enrichment (threat data, entitlements, responsibilities, etc.)

   - Developing ways to ask intuitive questions

   - Understanding entities (IPs, domains, people), their entitlements, and the activities of users/assets

4) Complex Event Processing rule logic, tying all of 1-3 together (a series of JOINs that surface the right information; think of a search as a correlation rule with conditions)

5) Incident Response Workflow

   - action framework (get more context such as an endpoint/packet capture/orchestration/enrichment)

   - hunting methodology

   - visualization for investigation

   - reporting

   - query logic


Job activities


• Develop security tools, best practices and processes using Devo's platform to help productize security expertise and workflow

• Design and implement new dashboards, charts/graphs, reports, searches and logic chains through the user interface and the API

• Work with the user interface, API/SDK and external integrations with the platform

• Have deep technical expertise in CND/CNO technologies, forensic tools, and active defense technologies that influence workflow

• Design rapid prototypes leveraging the core platform for security use cases

• Review customer processes and business requirements to help determine new and innovative ways to leverage Devo

• Provide community security leadership to extend the organization's ability to optimize use of emerging security technologies

• Stay current with security technologies and threats and make recommendations for use based on business value

• Translate security acumen, including adversary tactics, techniques and procedures, into code


A Devo Security Content Engineer builds partnerships and collaborative interaction between internal groups such as Security Engineering, Services, Product, CloudOps and partnered customers. This role may require up to 25% travel.


Role

• Create alerts, enrichments, content and techniques from experience as a security practitioner

• Collaborate with the product team as security advisor on architecture and design

• We build security into our products, not just security features

• Advise Product on information security issues, systems, processes, products, and services

• Collaborate with Product, Engineering, CloudOps, and other affiliated groups to work through strategic product initiatives

• Use Devo as a platform to contribute to the security community and push security research forward

• Fuel development and design in Devo based on security research in the field

• Drive innovation using Devo for security research, automation, investigation and visualization for customers


Qualifications

• Deep networking background, with knowledge of services and protocols

• Daily work with cloud providers such as AWS, Azure or Google Cloud, with automation and CI/CD tool chains

• Must have deep technical capability in at least one of the following: red team/blue team, Security Operations/Incident Response, Research/Threat Detection, Threat Hunting, Development, Malware analysis, DFIR, Breach Response

• Minimum of 5-7 years of work experience as a security practitioner or in a related role

• Experienced with multiple SIEMs, threat intelligence, behavioral analysis, workflow and integrations

• Capable of using the CLI, APIs or UI for daily product interaction

• Daily work with git, gitflow, JIRA, unit testing and integration as part of an agile engineering process

• Understand high-capacity data ingestion and search pipeline design, from either commercial or open source products

• Systems administration skills on both *nix and Microsoft platforms, extending APIs and integrating technology

• Comfortable in Java, JavaScript, Python and Groovy

• Capable in web frameworks such as Node.js, React and Angular

• Strong written and verbal communication skills


We are an equal opportunity employer and value diversity at our company.

Full-time