The Security Content Engineer provides deployment and content development services for customers of Devo’s Security Incident Event Management (SIEM) product. The ideal candidate is a hybrid of the following: security practitioner/analyst, product integrator, engineer and problem solver.
Essential Duties and Responsibilities:
- Leverage subject matter expertise to provide security advisory/consulting services to Devo customers.
- Collaborate with the product team as security advisor in architecture and design.
- Create alerts, enrichments, content and techniques from experience as a security practitioner.
- Apply security subject matter experience to assist customers in the deployment and usage of the Devo product.
- Monitor and maintain the Devo SIEM and/or software product.
- Configure third-party enrichment integrations.
- Design and implement new dashboards, charts/graphs, reports, searches and logic chains through the user interface and the API.
- Troubleshoot, diagnose, and resolve issues.
- Review customer processes and business requirements to help determine new and innovative ways to leverage Devo.
- Ability to learn and work on changing technologies.
- Respond to customers' calls and emails and act accordingly regarding issues.
- Establish and maintain good working relationship with customers and internal development and security engineering teams.
Qualifications and Experience:
- BS/BA degree in a technical field, or equivalent experience.
- Deep networking background, with knowledge of services and protocols.
- Must have a deep technical capability in at least one of the following: Red team/blue team, Security Operations/Incident Response, Research/Threat Detection, Threat Hunting, Development, Malware analysis, DFIR, Breach Response.
- Experienced with multiple SIEMs, threat intelligence, behavioral analysis, workflows and integrations.
- Understand high-capacity data ingestion and search pipeline design, from either commercial or open source products.
- Daily work with cloud providers such as AWS, Azure or Google cloud with automation and CI/CD tool chains.
- Minimum of 3+ years of work experience as a security practitioner or related role.
- Strong focus and dedication to customers.
- Effective written and verbal communication and interpersonal skills.
- Strong analytical approach for diagnosing and troubleshooting to resolve technical problems and issues.
- Prior experience developing content on large scale SIEM deployments is preferred.
- Deep experience developing content on one or more SIEM products is required.
- Experienced with cloud platforms (e.g. AWS, Azure, AWS GovCloud, CloudOne).
- Capable of using CLI, APIs and UI.
- Hands-on experience with database and/or big data query languages (e.g. SQL, SPL, LINQ).
- Experience with syslog.
- Knowledge of products/processes including git, Jira, and Confluence.
- Prior experience with MISP is preferred.
- Prior experience supporting security products deployed within the DoD is preferred.
AN ACTIVE DoD SECURITY CLEARANCE IS REQUIRED FOR THIS POSITION, FOR WHICH YOU MUST BE A US CITIZEN.
All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Up to 25%
We are an equal opportunity employer and value diversity at our company.