Senior Security Content Engineer

• Derive security insights through generating detection logic, automation and visualizations.
• Ideate and create client-facing detections to surface security and IT operations concerns.
• Collaborate with clients to design and implement visualizations to assist with understanding security posture, interesting events, and operations metrics.
• Test and tune detection logic to minimize false positives, alert duplication, and whitelisting.
• Identify opportunities for client-specific needs to become base content, including rules, automations, and dashboards.
• Identify opportunities for log content reduction and removal irrelevant events.
• Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information.
• Advancement of security policies, procedures, and automation.
• Serve as the technical escalation point.
• Communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual.
• Signature writing /algorithm creation. Analyze event logs and recognize signs of cyber intrusions/attacks.
• Use Microsoft Azure Sentinel, Defender ATP, O365 ATP, and other Microsoft security suites.
• Develop, automate, and orchestrate tasks with logic apps based on certain events.
• Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks.
• Advise on the Microsoft Cloud Security capabilities across the Azure platform.
• Use Kusto Query Language and scripting languages (Python, PowerShell, BASH and others).
• Digital forensic analysis (host, network, other). Use knowledge of network protocols and devices.
• Use Wireshark, TCP Dump, Security Onion, and Splunk. Use SIEM, Packet Analysis, SSL Decryption, Malware Detection, HIDS/NIDS, Network Monitoring Tools, Case Management System, Knowledge Base, Web Security Gateway, Email Security, Data Loss Prevention, Anti-Virus, Network Access Control, Encryption, Vulnerability Identification.
• Use knowledge of intrusion analysis, digital forensics, penetration testing, detection engineering. Use.Net programming, jupyter notebooks, and scripting/ development using web APIs. 

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice