Security Content Engineer

Company: MindPoint Group
Location: Raleigh
Posted on: November 26, 2022

Job Description:

Security Content Engineer Department:SOC Location: Text code CONTENT to 202-915-6712 to apply! MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. Our relationship with you is for the long run because your success is our success. We invest in your success through fantastic benefits (healthcare, generous PTO, paid parental leave, and tuition reimbursement, to name a few). Beyond just excellent pay and benefits, you-ll want to work here for reasons that can-t be written into an offer letter-the challenge, growth opportunities, and most important: the culture of a company that cares about you. A position at MPG promises you + A diverse organization + A safe workplace with zero tolerance for discrimination or harassment of any kind + A balanced work life. Seriously. + A stable, established, and growing business + A leadership team focused on your professional growth and development Job Description MindPoint Group is seeking a forward-thinking and self-motivated Security Content Engineer to focus on enhancing detection content for the Security Operations Center (SOC). This exciting role requires curiosity, creativity, and critical thinking skills, as well as superior attention to detail, great organizational skills, and the ability to work in a highly collaborative work environment. The Security Content Engineer will focus on mapping existing content to the MITRE ATT&CK framework, proposing new content development opportunities and collaborating with SOC team members to tune existing content and create and enhance operational documentation, to mentor members of the Content Team, the Detection Team and the Engineering Team. What you get to do every day: + Implement and maintain detection capabilities across SIEM and EDR/XDR platforms (for example Splunk, Sumo Logic, QRadar, LogRhythm, Carbon Black, CrowdStrike, Tanium, etc. + Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity + Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new EDR/SIEM content development + Research and innovate net new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research + Support the onboarding of new data sources by developing relevant EDR/SIEM content + Develop EDR/SIEM detection uses cases and review with relevant stakeholders, such as engineers, analysts, and others + Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations + Coordinate closely with SOC analysts and incident responders to develop playbooks for triaging and responding to events created by the SIEM tool + Coordinate with internal and external teams to improve the accuracy of detection capabilities and implement best practice mitigations and automated response capabilities + Develop and maintain content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments + Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST + Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity Qualifications US Citizenship required What skills are required? + Bachelor's degree in a related field or equivalent demonstrated experience and knowledge + Eight (8) years of relevant cybersecurity expertise + Direct experience developing EDR/SIEM content in collaboration with a Tier 1 security operations center + Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms + Ability to manage, analyze, and report complex data in an easy-to-understand format for a variety of stakeholders + Understanding of cyber security and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and security incident response + Understanding of common enterprise technology purposes and logging capabilities including firewalls, Active Directory, antivirus/EDR, IDS/IPS, proxies, and cloud platforms + Understanding of log aggregation or correlation technology platforms (Splunk, Sumo Logic, QRadar, LogRhythm, etc.) + Understanding of security detection frameworks such as MITRE ATT&CK, Cyber Kill Chain, and NIST + Positive and Influential Attitude, Energy, and Effort + Adaptability, Accountability, Helpfulness, and Focus + Ability to communicate east-west across multiple diverse teams in both focus, skillset, and geo-location What is ideal? + Regular expression, scripting, and programming experience are not required, but highly desirable + Certifications such as Network+, Security+, CySA+, GDAT, GCED, CISSP are not required, but highly desirable Additional Information + All offers are contingent upon proof of full vaccination against COVID-19 or successful accommodation for an exemption. + All your information will be kept confidential according to EEO guidelines. + Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $130-150k. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range. + Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, maternity/paternity leave, mobile phone stipend, pre-tax commuter benefits, the opportunity to participate in our mentorship program, and more! + MindPoint is committed to maintaining a diverse environment. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Text code CONTENT to 202-915-6712 to apply!

Keywords: MindPoint Group, Raleigh , Security Content Engineer, Engineering , Raleigh, North Carolina