Detection Engineer

Bionic is seeking a Detection Engineer to help us bring SIEM superpowers to customer teams.

Location: Remote

Employment Type: Contract

The ideal candidate has:

  • Previous hands-on experience configuring and using Security Information and Event Management (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting; Splunk is strongly preferred.

  • Ability to develop rules, filters, views, signatures, and extend functionality via applications and scripts to support analysis and detection efforts.

  • Ability to build and interpret Search Processing Language (SPL).

  • Strong understanding of REST and similar integration concepts.

  • Ability to identify opportunities for workflow enhancements or reduced toil in security operations (specifically in SIEM) and devise solutions.

  • A working knowledge of modern information technology (IT) environments, including common operating systems and their logging capabilities, network communications and routing protocols, and identity and access management systems.

 

In this role, you will:

  • Develop, maintain, and deliver security content to various SIEM environments (most commonly Splunk).

  • Identify, prioritize, and implement new detection use cases, and the integrations needed to support them, as part of a robust detection and alerting pipeline.

  • Manage detection engineering backlog to ensure a consistent stream of timely, prioritized content.

  • Draw from your knowledge of attacker tactics and techniques to develop or propose new detection requirements not explicitly requested by customers.

  • Engage with customer teams to ensure detections are working as intended.

  • Map security content to leading adversary and defensive technique frameworks (e.g., MITRE ATT&CK, D3FEND) and common control frameworks.

  • Capture and communicate work performed on a weekly basis.

  • Work with the Bionic development team to extend and improve our proprietary automation platform for Splunk and other SIEM tools.

 

Candidates must possess one or more of the following qualifications:

  • A willingness to provide consistent and measurable support, subject to your scheduling constraints, as an independent contractor

  • At least 4 years of experience working with SIEM tools in a security operations environment or equivalent expertise

  • A body of work that demonstrates expertise in Splunk Enterprise Security, novel solutions to defensive challenges (specific to Splunk), and excellent client support

  • Eligibility to work in the United States

  • Excellent verbal and written communication skills, including the ability to summarize complex engineering concepts using simple terms

  • A consultative mindset and high comfort level working directly with clients

To apply, please send a brief introduction along with your resume to careers@bioniccyber.com referencing this listing.