Sr. IT Security Detection Engineer - Lead - Atlanta, GA at Geebo

Sr. IT Security Detection Engineer - Lead

This position will support our Security Operations Center (SOC) by engineering new threat detections, so our SOC analysts can monitor and respond to cyber security activity across Southern Company's IT and OT networks. As the team lead you will be responsible for leading a small team of 2-4 personnel with the mission to create actionable threat detections. You will be responsible for the continuous improvement of our detection capabilities across IT and OT networks as well as increasing and reporting the efficacy of each detection. You will prioritize new threat detections based on intelligence curated from our Cyber Threat Intelligence team, and cases from our Incident Response teams. You'll leverage the MITRE ATT&CK framework for both on-premise security technologies and cloud technologies.

JOB REQUIREMENTS

  • A formal education in Computer Science or a related field, or equivalent experience in IT Security related roles is required for this position.
  • Minimum 3 years working in or supporting a Security Operations Center (SOC) required
  • Minimum 1 year of applied knowledge developing alerts in Microsoft Azure Sentinel Cloud SIEM required
  • Minimum 1 year of applied knowledge developing alerts in Splunk Enterprise Security Application required
  • Minimum 3 years supporting IT infrastructure or Information Security devices/technologies
  • 1 year's experience implementing the MITRE ATT&CK framework or Lockheed Martin Cyber Kill Chain
  • Offensive security certifications preferred (OSCP, OSWP)
  • Former experience as a technical lead a plus
  • Expert knowledge supporting Security Information and Event Management platforms such as Splunk and Splunk Enterprise Security App
  • Intermediate experience developing & managing content within an Enterprise Security Manager application, including dashboards, risk based alerting, active channels, reports, correlation rules, filters, trends, network models, etc.
  • Advanced knowledge of networking protocols and addressing schemes, i.e., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.
  • Comprehensive working knowledge of Linux, Unix, and Windows OS
  • Scripting skills such as Perl, Python, and/or Shell scripting are a plus.
  • Database skills with MySQL, SQL, Oracle are preferred
  • Experience working with regular expressions is a plus.
  • Excellent problem solving and analytical skills; ability to solve complex technical issues
  • Strong customer service skills
  • Exhibit initiative, follow-up and follow through with commitments
  • Ability to support and work in a team environment
  • Strong technical writing skills
  • Ability to manage multiple tasks and priorities in a high-pressure environment
  • Intermediate understanding of IT Security and the ability to apply risk management principles in all aspects of IT Security
  • Working knowledge of Southern Company infrastructure is a plus

MAJOR JOB RESPONSIBILITIES

  • Create a use case detection strategy and lifecycle for the team
  • Perform as subject matter expert on all threat detection tools (Cloud, SIEM, etc.)
  • Prioritize detections based on risk to the business, utilizing the MITRE ATT&CK Framework and other methodologies
  • Meet with stakeholders and devise use case detections for their teams
  • Delegate day-to-day tasks to team members
  • Manage and track operational metrics for the detection engineering team
  • Implement a feedback system and work with the Security Operations Center personnel to improve detection and hunting capabilities
  • Implement a content development lifecycle for continuous detection improvement
  • Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business unit stakeholder SMEs
  • Establish and maintain positive relationships/partnerships with appropriate vendors.
  • Meet with our Cyber Threat Intelligence and Incident Response teams on a regular cadence to ensure our use case prioritization is based on actionable CTI and current security incidents.
Salary Range: $80K -- $100K

Minimum Qualification: System & Network Administration, IT Security

Estimated Salary: $20 to $28 per hour based on qualifications.
