Deep technical expertise in the Microsoft security stack.
Experience with SIEM platforms such as Microsoft Sentinel, Splunk, or Elastic.
Proven skills in security automation and incident response processes.
Strong understanding of alert triage, patch management, and vulnerability management.
Key responsibilities:
Identify and deploy new detections or automations within the SIEM/SOAR platform.
Drive the creation and implementation of SIEM content including rules and alerts.
Conduct regular assessments and tuning of Sentinel configurations to enhance detection capabilities.
Collaborate with IT teams to design and implement security monitoring across core business applications.
Companies need talent. Candidates want opportunities. That's where we come in. We create meaningful connections between companies and candidates, and we've been doing it for over 60 years. Time is money. We take the time to understand the individual needs of employers and job seekers so we can deliver exceptional value to both. We develop long-term relationships based on integrity and trust. Our flexible staffing solutions include contract, contract-to-hire, and direct placement services. We employ specialized recruiters focused in the fields of Engineering, Information Technology, Accounting & Finance, Administrative & Customer Service, and Manufacturing & Distribution.
Job Description:
The role of Security Operations Detection Engineer reports directly to the lead of Security Operations and is part of the office of the CISO. This role is accountable for the architecture, engineering, and automation of in-house security platforms, including the Microsoft Sentinel SIEM and associated SOAR tooling. The ideal candidate will have deep technical expertise in the Microsoft security stack and demonstrated excellence in developing security automation across domains such as alert triage and response, as well as other security processes such as patch and vulnerability management. They will also work extensively with various IT teams to define appropriate log ingestion, data enrichment, alerting, and response actions via the SIEM/SOAR platform, and will support the Security Operations Center (SOC) with advanced SIEM queries and analytic alerts. Primary responsibilities in this role include:
MUST have
1. Specialized SIEM / Detection engineering skillset
2. Experience in Sentinel / Defender is a plus, but we are open to detection engineering and automation experience across all SIEM platforms (Splunk, Elastic, etc.)
Job Responsibilities:
• Identification and deployment of new detections or automations within the NorthMark Strategies SIEM / SOAR platform.
• Drive creation and implementation of SIEM content (e.g. rules, alerts, dashboards, etc.)
• Ensure better analytics via SIEM – improve signal-to-noise ratio in SIEM content. Conduct regular assessments and tuning of Sentinel configurations to reduce false positives and enhance detection capabilities
• Design and implementation of automation for alert enrichment, common detections closure, and response actions
• Benchmarking of existing detections and development of a roadmap for expansion of coverage.
• Continuous testing of the SIEM / SOAR platform to identify and remediate gaps in detection and prevention coverage
• Integration with the external SOC provider to optimize the partnership and improve detection and response capabilities
• Consolidation of data sources across many Microsoft tenants, systems, and companies into a single source to support consolidated Security Operations procedures
• Partnering with various IT organizations to design and implement security monitoring across all core business applications
• Maintenance of all Security Operations tooling to ensure high availability of all log sources
• Partnering with Security Analysts to enhance Security Operations procedures as well as incident response.
• Consolidation and automation of Security Operations Metrics from various sources
• Automation of Incident Response processes and workflows
• Development of and adherence to SIEM Engineering change control procedures and processes
• Management of DLP tools and technologies, ensuring they are configured correctly and functioning optimally
• Provide training and support to team members on SIEM functionalities
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Required profile
Industry: Human Resources, Staffing & Recruiting
Spoken language(s): English