Job ID: SC-10793 (912590429)

Remote/Local Security Engineer/Architect (CISSP/CISA/CISO/SECURITY/CEH/OSCP/GPEN) with SIEM, Detection coverage gap remediation, Threat Intelligence, Python/Bash/PowerShell, Sigma/Yara, Tuning, PALO ALTO CORTEX XSIAM, Windows/Linux, MITRE ATT&CK experience

Location: Columbia, SC (ADMIN)
Duration: 12 Months
Work Location: Fully Remote
Candidate Location: No SC residency required. Open to nationwide candidates.
Interview Process: 1 round, Virtual/Online – potential for a 2nd round onsite as needed

REQUIRED EDUCATION/CERTIFICATIONS:
•     BACHELOR’S DEGREE IN AN INFORMATION TECHNOLOGY OR INFORMATION SECURITY RELATED FIELD
•     EIGHT YEARS OF RELEVANT WORK EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
•     FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS
•     5+ YEARS OF STRONG SCRIPTING AND AUTOMATION SKILLS (PYTHON, BASH, POWERSHELL, OR SIMILAR).
•     UNDERSTANDING OF SIGMA, YARA, AND OTHER INDUSTRY STANDARD DETECTION LANGUAGES.
•     FAMILIARITY WITH MITRE ATT&CK FRAMEWORK

PREFERRED EDUCATION/CERTIFICATIONS:
•     CISSP, CISA, CISO OR EQUIVALENT ADVANCED SECURITY CERTIFICATION.
•     ADDITIONAL RELEVANT CERTIFICATIONS (E.G., CEH, OSCP, GPEN).
•     VENDOR CERTIFICATIONS IN DETECTION ENGINEERING.
•     Resource is local to Columbia, South Carolina or a surrounding city in South Carolina

ADDITIONAL SKILLS AND DUTIES:
•     PROVEN EXPERIENCE WITH DETECTION TUNING/DEVELOPMENT.
•     EXPERIENCE WITH DASHBOARD CREATION AND REPORTING.
•     EXCELLENT COMMUNICATION AND CUSTOMER SERVICE SKILLS FOR AGENCY-FACING ENGAGEMENT.
•     EXPERIENCE IN WORKING IN MULTI-TENANCY ENVIRONMENT
•     EXPERIENCE IN MULTI-AGENCY OR ENTERPRISE SERVICE PROJECTS.

PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
•     EXPERIENCE WITH THE PALO ALTO CORTEX XSIAM PLATFORM.
•     DEEP UNDERSTANDING OF WINDOWS/LINUX ARTIFACTS.

DAILY DUTIES / RESPONSIBILITIES:
PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).

•     REVIEW AND TUNE CURRENT DETECTION RULES WITHIN THE STATE SIEM.
•     PERFORM GAP ANALYSIS OF THE CURRENT DETECTION COVERAGE.
•     DEVELOP DETECTION RULES/SOLUTIONS TO COVER FOUND GAPS.
•     MONITOR THREAT INTELLIGENCE SOURCES FOR NEW USE CASES.
•     WORK WITH STATE SOC ANALYSTS TO CREATE AND TUNE RULES.
•     WORK WITH THE STATE THREAT HUNTER TO IDENTIFY AND REMEDIATE DETECTION COVERAGE GAPS.
•     DOCUMENT PROCESSES, RUNBOOKS, AND TROUBLESHOOTING STEPS RELATED TO THE SOAR AND INTEGRATIONS.
•     COORDINATE WITH ENGINEERING, SOC, AND AGENCY STAFF AS NEEDED TO MEET GOALS.
•     OTHER DUTIES AS NEEDED.

