SIEM Content Engineer jobs in United States
This job has closed.

Tyto Athene, LLC · 1 day ago

SIEM Content Engineer

Tyto Athene is searching for a forward-thinking and self-motivated SIEM Content Engineer to enhance a government client’s detection content for their Security Operations Center (SOC). This role requires creativity, critical thinking skills, and collaboration with various stakeholders to develop SIEM content and improve security operations.

Information Technology
Work & Life Balance
No H1B
Security Clearance Required
U.S. Citizen Only
Hiring Manager
Jordan Nugent

Responsibilities

Evaluate existing SIEM content to determine which content should be removed or updated to improve fidelity
Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new SIEM content development
Support the onboarding of new data sources by developing relevant SIEM content
Develop SIEM detection use cases and review them with relevant stakeholders, such as security engineers, SIEM engineers, SOC analysts, and incident responders
Collaborate with security engineers to improve logging from various appliances and correct misconfigurations
Coordinate closely with SOC analysts and incident responders to develop playbooks for triaging and responding to events created by the SIEM tool
Develop and maintain a SIEM content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments
Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity
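The responsibilities above describe a detection content catalog mapped to MITRE ATT&CK, rules run against onboarded data sources, and fidelity and coverage reporting. The following is an added illustration of that workflow and is not part of the job listing or Tyto Athene's own tooling. The rule names, ATT&CK technique IDs chosen for the catalog, the priority technique watch list, and the sample events (including their ground-truth labels, which in production would come from analyst dispositions or purple-team exercises) are all constructed for the example.

```python
"""Added example: a minimal SIEM detection content catalog mapped to MITRE ATT&CK,
run over constructed sample events to report per-rule alert volume, fidelity
(true-positive rate) and technique coverage gaps. Not code from the job listing."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed events in a Splunk-like shape (sourcetype + fields). "_truth" is a
# ground-truth label standing in for analyst dispositions; it is not a log field.
SAMPLE_EVENTS: List[dict] = [
    # five failed logons from one source: should trigger the brute-force rule
    *[{"sourcetype": "windows:security", "EventCode": 4625, "user": "svc_backup",
       "src": "10.0.0.5", "_truth": "malicious"} for _ in range(5)],
    # a single mistyped password from another host: must not alert
    {"sourcetype": "windows:security", "EventCode": 4625, "user": "alice",
     "src": "10.0.0.9", "_truth": "benign"},
    # encoded PowerShell from a known admin script: alerts, but a false positive
    {"sourcetype": "windows:sysmon", "EventCode": 1, "Image": "C:\\Windows\\System32\\powershell.exe",
     "ParentImage": "cmd.exe", "CommandLine": "powershell.exe -enc SQBFAFgA", "_truth": "benign"},
    # encoded PowerShell spawned by Word: true positive
    {"sourcetype": "windows:sysmon", "EventCode": 1, "Image": "C:\\Windows\\System32\\powershell.exe",
     "ParentImage": "WINWORD.EXE", "CommandLine": "powershell -w hidden -enc aQBlAHgA",
     "_truth": "malicious"},
    # scheduled task created by an administrator: alerts, but benign
    {"sourcetype": "windows:security", "EventCode": 4698, "user": "adm_jane",
     "TaskName": "\\Backup\\Nightly", "_truth": "benign"},
]


@dataclass(frozen=True)
class DetectionRule:
    name: str
    technique: str      # MITRE ATT&CK technique ID the rule is mapped to
    tactic: str
    data_source: str    # sourcetype the rule depends on (drives onboarding work)
    logic: Callable[[List[dict]], List[dict]]  # returns one dict per alert


def brute_force(events: List[dict], threshold: int = 5) -> List[dict]:
    """Alert when one source IP produces >= threshold failed logons (EventCode 4625)."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        if e.get("sourcetype") == "windows:security" and e.get("EventCode") == 4625:
            by_src[e["src"]].append(e)
    return [{"entity": src, "count": len(evs),
             "_truth": "malicious" if any(e["_truth"] == "malicious" for e in evs) else "benign"}
            for src, evs in by_src.items() if len(evs) >= threshold]


# PowerShell accepts any unambiguous prefix of -EncodedCommand; this covers the common
# spellings (-e, -ec, -enc, -encodedcommand) without matching -ExecutionPolicy.
ENCODED_SWITCH = re.compile(r"(?i)(?:^|\s)-e(?:c|nc(?:odedcommand)?)?(?=\s|$)")


def encoded_powershell(events: List[dict]) -> List[dict]:
    """Alert on Sysmon process creation (EventCode 1) of powershell with an encoded command."""
    return [{"entity": e["CommandLine"], "parent": e.get("ParentImage"), "_truth": e["_truth"]}
            for e in events
            if e.get("sourcetype") == "windows:sysmon" and e.get("EventCode") == 1
            and "powershell" in e.get("Image", "").lower()
            and ENCODED_SWITCH.search(e.get("CommandLine", ""))]


def scheduled_task_created(events: List[dict]) -> List[dict]:
    """Alert on every scheduled task creation (EventCode 4698); low fidelity by design."""
    return [{"entity": e["TaskName"], "user": e["user"], "_truth": e["_truth"]}
            for e in events
            if e.get("sourcetype") == "windows:security" and e.get("EventCode") == 4698]


# The content catalog: one entry per deployed rule, each mapped to ATT&CK.
CATALOG = [
    DetectionRule("Windows brute force by source", "T1110", "Credential Access",
                  "windows:security", brute_force),
    DetectionRule("Encoded PowerShell command", "T1059.001", "Execution",
                  "windows:sysmon", encoded_powershell),
    DetectionRule("Scheduled task created", "T1053.005", "Persistence",
                  "windows:security", scheduled_task_created),
]

# Constructed threat-landscape watch list of techniques the SOC wants covered.
PRIORITY_TECHNIQUES = {"T1110", "T1059.001", "T1053.005", "T1003.001", "T1021.001"}


def run_catalog(events: List[dict], catalog=CATALOG) -> Dict[str, List[dict]]:
    """Run every catalog rule over the events; returns alerts keyed by rule name."""
    return {rule.name: rule.logic(events) for rule in catalog}


def fidelity_report(alerts_by_rule: Dict[str, List[dict]]) -> Dict[str, dict]:
    """Per-rule alert volume and true-positive rate; the input to a fidelity dashboard."""
    report = {}
    for name, alerts in alerts_by_rule.items():
        tp = sum(a["_truth"] == "malicious" for a in alerts)
        report[name] = {"alerts": len(alerts), "true_positives": tp,
                        "fidelity": round(tp / len(alerts), 2) if alerts else None}
    return report


def coverage_gaps(catalog=CATALOG, priority=PRIORITY_TECHNIQUES) -> List[str]:
    """Priority techniques with no mapped rule: candidates for new content development."""
    return sorted(priority - {rule.technique for rule in catalog})


if __name__ == "__main__":
    for rule, stats in fidelity_report(run_catalog(SAMPLE_EVENTS)).items():
        print(f"{rule:32} {stats}")
    print("uncovered priority techniques:", coverage_gaps())
```

On the constructed data the brute-force rule fires once at 100% fidelity, the encoded-PowerShell rule fires twice at 50%, and the scheduled-task rule fires once at 0%, which is the kind of signal that drives the "remove, tune, or keep" decision on existing content; the coverage gap list is the input for prioritizing new rules.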

Qualification

Splunk
SIEM content development
MITRE ATT&CK Framework
Data analysis
Effective communication

Required

Bachelor's degree required
Eight (8) years of general work experience (with at least six (6) years of IT/Cyber experience) and two (2) years of experience using Splunk (or a similar SIEM tool) in a cybersecurity context (e.g., as a content developer, administrator, or SOC analyst)
Direct experience developing SIEM content in collaboration with a Tier 1 security operations center
Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms
Ability to manage, analyze, and report complex data in an easy-to-understand format for a variety of stakeholders
Familiarity with the MITRE ATT&CK Framework
Experience with Splunk and development
Experience developing Splunk dashboards, reports, and alerts
Secret Clearance required

Preferred

Experience with Splunk Enterprise Security is a plus

Company

Tyto Athene, LLC

At Tyto Athene, we help turn Data to Dominance.

Funding

Current Stage
Late Stage

Leadership Team

Dennis Kelly
Chief Executive Officer
Peter O'Donoghue
Chief Technology Officer
Company data provided by crunchbase