RemoteOtter

Security Content Engineer – Splunk - Remote

Posted 6 weeks ago
Software Development
Full Time
USA

Overview

BlueVoyant is looking for a Security Operations Center Security Content Engineer to help our global customers manage their Splunk cloud security solutions. You will be part of a fast-paced team that helps customers to efficiently and effectively derive security insights through generating detection logic, automation and visualizations. This position is fully remote.

In Short

  • Ideate and create client-facing detections to surface security and IT operations concerns
  • Collaborate with clients to design and implement visualizations to assist clients with understanding security posture, interesting events, and operations metrics
  • Assist clients with testing and tuning detection logic to minimize false positives, alert duplication, and whitelisting
  • Identify opportunities for client-specific needs to become base content for all MSS, including rules, automations, and dashboards
  • Assist integration teams in identifying opportunities for log content reduction and removal of irrelevant events
  • Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information (knowledge base articles)
  • Serve as a Technical SOC SME in support of customers (customer-facing) and of sales and marketing
  • Perform supplemental in-depth research into exploits and vulnerabilities that have a high likelihood of occurring within BlueVoyant customer environments
  • Assist in the advancement of security policies, procedures, and automation
  • Serve as the technical escalation point and mentor for junior detection engineers and Sentinel support staff

Requirements

  • Excellent teamwork skills
  • Previous signature writing / algorithm creation experience
  • Ability to analyze event logs and recognize signs of cyber intrusions/attacks
  • Hands-on experience with Microsoft Azure Sentinel, Defender ATP, O365 ATP, and other Microsoft security suites
  • Strong experience with scripting languages (Python, PowerShell, others)
  • Strong experience with digital forensic analysis (host, network, other) and blue team operations
  • Ability to work directly with customers to understand requirements for and feedback on security services
  • Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
  • Skilled in the creation of signatures for security tools
  • Familiarity with tools such as Wireshark, tcpdump, Security Onion, and Splunk

Benefits

  • Remote work flexibility
  • Opportunity to work with a global team
  • Professional development and training opportunities
  • Engagement in cutting-edge cybersecurity projects
  • Competitive salary and benefits package

BlueVoyant

BlueVoyant is a cybersecurity company founded in 2017, headquartered in New York City, with additional offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. The company specializes in providing advanced cyber defense capabilities through a combination of proprietary data, analytics, and technology, supported by a team of experts including former government cyber officials. BlueVoyant focuses on active prevention and defense across organizations and their supply chains, ensuring accuracy, actionability, timeliness, and scalability in their services. Led by CEO Jim Rosenthal and Executive Chairman Tom Glocer, BlueVoyant is committed to delivering effective cybersecurity solutions while adhering to equal employment opportunities and compliance with applicable laws.
