Sr. IT Cyber Security Detection Engineer
JOB SUMMARY
This position supports our Security Operations Center (SOC) by engineering new threat detections so that SOC analysts can monitor and respond to cyber security activity across Southern Company's IT and OT networks.
As a Senior Detection Engineer, you will be responsible for developing and continuously improving detection capabilities across OT and IT networks. You will plan where detections are deployed across devices and SIEMs, and build detection signatures both on premise and in cloud environments.
You will serve as an expert-level SME on the Detection Engineering & Automation team, able to quickly pick up new signature languages and APIs. You will coordinate with device owners to make efficient use of device-native detections, while enriching existing detections and hardening our environment against the techniques catalogued in the MITRE ATT&CK framework.
JOB REQUIREMENTS
A formal education in Computer Science or a related field, or equivalent experience in IT Security related roles, is required for this position.
- Minimum 2 years working in or supporting a Security Operations Center (SOC) required
- Minimum 2 years creating SOC detection use cases required
- Knowledge of multiple query languages (SPL, KQL, SQL, XQL, LQL) required
- Minimum 3 years of applied experience developing alerts in Microsoft Azure Sentinel Cloud SIEM or Splunk Enterprise Security required
- Minimum 2 years supporting IT infrastructure or Information Security devices/technologies required
- 2 years' experience implementing the MITRE ATT&CK framework or the Lockheed Martin Cyber Kill Chain required
- Intrusion detection, ethical hacking, and monitoring certifications a plus (GCIA, CEH, GMON, OSCP, etc.)
- Expert knowledge supporting Security Information and Event Management platforms such as Splunk and the Splunk Enterprise Security app
- Expert-level experience developing and managing content within an Enterprise Security Manager application, including dashboards, risk-based alerting, active channels, reports, correlation rules, filters, trends, network models, etc.
- Advanced knowledge of networking protocols and addressing schemes, i.e., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.
- Comprehensive working knowledge of Linux, Unix, and Windows operating systems
- Scripting skills such as Perl, Python, and/or shell scripting are a plus
- Database skills with MySQL, SQL, or Oracle are preferred
- Experience working with regular expressions is a plus
- Excellent problem solving and analytical skills; ability to solve complex technical issues
- Strong customer service skills
- Exhibits initiative and follows up and follows through on commitments
- Ability to support and work in a team environment
- Strong technical writing skills
- Ability to manage multiple tasks and priorities in a high-pressure environment
- Intermediate understanding of IT Security and the ability to apply risk management principles in all aspects of IT Security
- Working knowledge of Southern Company infrastructure is a plus
MAJOR JOB RESPONSIBILITIES:
- Be a key contributing member of the team's detection use case strategy and lifecycle
- Use broad knowledge of security operations, intrusion detection, and security logging to integrate detection use cases into the environment
- Perform tuning and root cause analysis to increase the efficacy of existing use cases and reduce false positives
- Participate in stakeholder meetings to devise detection use cases for their teams
- Provide feedback and code review on detections created by team members