RemoteDescription:The client is looking for a security architect - consultant (detection engineer)Scope of the project: the position will work as a consulting detection engineer within the division of information security. This role will focus on creating, tuning, and maintaining new and existing detection rules within the client monitoring environment. Engaging directly with the client to promote, support, and improve adoption of centralized security services is a key focus. Daily duties / responsibilities:Review and tune current detection rules within the client siem.Perform gap analysis of the current detection coverage.Develop detection rules/solutions to cover found gaps.Monitor threat intelligence sources for new use cases.Work with client analysts to create and tune rules.Work with the client threat hunter to identify and remediate detection coverage gaps.Document processes, runbooks, and troubleshooting steps related to the soar and integrations.Coordinate with engineering, client staff as needed to meet goals.Other duties as needed.Additional skills and duties:Proven experience with detection tuning/development..Experience with dashboard creation and reporting.Excellent communication and customer service skills for agency-facing engagement.Experience in working in multi-tenancy environmentExperience in multi-agency or enterprise service projects.Required education/certifications:Bachelor's degree in an information technology or information security related fieldEight years of relevant work experience may be substituted in lieu of educationFive years of experience in supporting large it environments and/or system deployments5+ years of strong scripting and automation skills (python, bash, powershell, or similar).Understanding of sigma, yara, and other industry standard detection languages.Familiarity with mitre att&ck frameworkPreferred skills (rank in order of importance):Experience with the palo alto cortex xsiam platform.Deep understanding of windows/linux artifacts.Preferred education/certifications:Cissp, cisa, ciso or equivalent advanced security certification.Additional relevant certifications (e.g., ceh, oscp, gpen).Vendor certifications in detection engineering.Required skills5+ years of experience with scripting automation (python, bash, powershell, or similar)5+ years of experience in supporting large it environments and/or system deploymentsExperience with Sigma, Yara, and other industry standard detection languagesExperience with MITRE ATT & CK FRAMEWORKPreferred skillsExperience with the Palo Alto Cortex Xsiam platformDeep understanding of Windows/Linux artifactsEducationBachelors degree in an information technology or information security related field; 8+ years of relevant work experience in security architecture may be substituted in lieu of educationCertificationCISSP, CISA, CISO OR EQUIVALENT ADVANCED SECURITY CERTIFICATIONS (CEH, OSCP. GPEN)VENDOR CERTIFICATIONS IN DETECTION ENGINEERINGNotes:RemotePreference will be given to a candidate who can work onsite over hybrid and over full-time remote (on-site as needed). VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status
Description:The client is looking for a security architect - consultant (detection engineer)Scope of the project: the position will work as a consulting detection engineer within the division of information security. This role will focus on creating, tuning, and maintaining new and existing detection rules within the client monitoring environment. Engaging directly with the client to promote, support, and improve adoption of centralized security services is a key focus. Daily duties / responsibilities:Review and tune current detection rules within the client siem.Perform gap analysis of the current detection coverage.Develop detection rules/solutions to cover found gaps.Monitor threat intelligence sources for new use cases.Work with client analysts to create and tune rules.Work with the client threat hunter to identify and remediate detection coverage gaps.Document processes, runbooks, and troubleshooting steps related to the soar and integrations.Coordinate with engineering, client staff as needed to meet goals.Other duties as needed.Additional skills and duties:Proven experience with detection tuning/development..Experience with dashboard creation and reporting.Excellent communication and customer service skills for agency-facing engagement.Experience in working in multi-tenancy environmentExperience in multi-agency or enterprise service projects.Required education/certifications:Bachelor's degree in an information technology or information security related fieldEight years of relevant work experience may be substituted in lieu of educationFive years of experience in supporting large it environments and/or system deployments5+ years of strong scripting and automation skills (python, bash, powershell, or similar).Understanding of sigma, yara, and other industry standard detection languages.Familiarity with mitre att&ck frameworkPreferred skills (rank in order of importance):Experience with the palo alto cortex xsiam platform.Deep understanding of windows/linux artifacts.Preferred education/certifications:Cissp, cisa, ciso or equivalent advanced security certification.Additional relevant certifications (e.g., ceh, oscp, gpen).Vendor certifications in detection engineering.Required skills5+ years of experience with scripting automation (python, bash, powershell, or similar)5+ years of experience in supporting large it environments and/or system deploymentsExperience with Sigma, Yara, and other industry standard detection languagesExperience with MITRE ATT & CK FRAMEWORKPreferred skillsExperience with the Palo Alto Cortex Xsiam platformDeep understanding of Windows/Linux artifactsEducationBachelors degree in an information technology or information security related field; 8+ years of relevant work experience in security architecture may be substituted in lieu of educationCertificationCISSP, CISA, CISO OR EQUIVALENT ADVANCED SECURITY CERTIFICATIONS (CEH, OSCP. GPEN)VENDOR CERTIFICATIONS IN DETECTION ENGINEERINGNotes:Remote
Preference will be given to a candidate who can work onsite over hybrid and over full-time remote (on-site as needed).
(Please ensure email matches your resume email)
(document types allowed: doc/docx/rtf/pdf/txt) (max 2MB)
By submitting this form, you are consenting to the VIVA team contacting you via Phone/Email