Security Content Engineer – Splunk

BlueVoyant

College Park (MD)

Remote

USD 80,000 - 120,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Security Operations Center Security Content Engineer to join a dynamic team focused on enhancing security insights through Splunk cloud solutions. This fully remote role offers the chance to work closely with clients, developing detection logic and visualizations to improve their security posture. You will play a vital role in analyzing event logs, mentoring junior engineers, and advancing security policies. If you are passionate about cybersecurity and eager to make a significant impact in a fast-paced environment, this opportunity is perfect for you.

Qualifications

  • 7+ years in IT/security, 4 of them working directly with SIEM solutions and detection content (preferred).
  • Strong experience in digital forensics and detection engineering.

Responsibilities

  • Create detections for security and IT operations concerns.
  • Collaborate with clients on visualizations for security posture.

Skills

Teamwork
Signature writing
Event log analysis
Microsoft Azure Sentinel
Microsoft Threat Protection
Kusto Query Language (KQL)
Scripting languages (Python, PowerShell)
Digital forensic analysis
Network protocols understanding
Customer communication

Education

Bachelor’s degree in Information Security
Equivalent experience in IT-related field

Tools

Wireshark
tcpdump
Security Onion
Splunk

Job description

Summary
BlueVoyant is looking for a Security Operations Center Security Content Engineer to help our global customers manage their Splunk cloud security solutions. You will be part of a fast-paced team that helps customers to efficiently and effectively derive security insights through generating detection logic, automation, and visualizations. This position is fully remote.

Security Content Engineer – Splunk
Location: Remote in the United States
US Citizenship Required

Key Responsibilities

  • Ideate and create client-facing detections to surface security and IT operations concerns
  • Collaborate with clients to design and implement visualizations to assist clients with understanding security posture, interesting events, and operations metrics
  • Assist clients with testing and tuning detection logic to minimize false positives and duplicate alerts, and to maintain whitelisting (allow-list) entries
  • Identify client-specific needs that can become base content for the MSS (managed security services) offering as a whole, including rules, automations, and dashboards
  • Assist integration teams in identifying opportunities for log content reduction and removal of irrelevant events
  • Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information (knowledge base articles)
  • Serve as a technical SOC SME, both customer facing and in support of sales and marketing
  • Perform supplemental in-depth research on exploits and vulnerabilities that have a high likelihood of occurring within BlueVoyant customer environments
  • Assist in the advancement of security policies, procedures, and automation
  • Serve as the technical escalation point and mentor for junior detection engineers and Sentinel support staff
  • Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
  • Assist with advancing security standard operating procedures and incident response reporting

Qualifications

  • Excellent teamwork skills
  • Previous signature writing / algorithm creation experience
  • Ability to analyze event logs and recognize signs of cyber intrusions/attacks
  • Hands-on experience with Microsoft Azure Sentinel and the Microsoft Threat Protection suite of security solutions (Defender ATP, Azure ATP, Office 365 ATP, Microsoft Cloud App Security), as well as Azure Active Directory, Azure Security Center, Azure Log Analytics, and the M365 suite of solutions
  • Hands-on experience with the following:
    • Developing, automating, and orchestrating tasks (playbooks) with Logic Apps, triggered by specific events
    • Configuring Sentinel incidents, workbooks, hunting queries, and notebooks
    • Advising customers on Microsoft cloud security capabilities across the Azure platform
    • Kusto Query Language (KQL)
  • Strong experience with scripting languages (Python, PowerShell, others)
  • Strong experience with digital forensic analysis (host, network, other) and blue team operations
  • Strong knowledge and understanding of network protocols and devices
  • Ability to work directly with customers to understand requirements for and feedback on security services
  • Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
  • Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
  • Skilled in the creation of signatures for security tools
  • Familiarity with tools such as Wireshark, tcpdump, Security Onion, and Splunk
  • Strong knowledge of the following:
    • SIEM
    • Packet Analysis
    • SSL Decryption
    • Malware Detection
    • HIDS/NIDS
    • Network Monitoring Tools
    • Case Management System
    • Knowledge Base
    • Web Security Gateway
    • Email Security
    • Data Loss Prevention
    • Anti-Virus
    • Network Access Control
    • Encryption
    • Vulnerability Identification

Preferred Qualifications

  • Experience in intrusion analysis, digital forensics, penetration testing, detection engineering, or related areas
  • 7+ years of experience in information technology or information security, 4 of which were spent dealing directly with SIEM solutions and detection content creation
  • Microsoft 365 Certified: Security Administrator Associate and GCFA, GCFE, or OSCP preferred
  • Familiarity with Azure, .Net programming, Jupyter notebooks, and scripting/development using web APIs

Education

  • Minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field or equivalent experience

About BlueVoyant
At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman Tom Glocer, and former government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. Furthermore, individuals may be subject to additional background checks and fingerprinting.

BlueVoyant Candidate Privacy Notice
To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice.
