Security Architect # 26-13212

Summary: The role of a Detection Engineer within the Division of Information Security involves creating, tuning, and maintaining detection rules in a state monitoring environment. The position requires direct engagement with state agencies to enhance the adoption of centralized security services. This is a 12-month contract with the possibility of extension, focusing on improving detection coverage and collaborating with various teams. The ideal candidate will have a strong background in detection tuning and development, along with relevant experience in large IT environments.

Key Responsibilities:

• Review and tune current detection rules within the SIEM.
• Perform Gap analysis of the current detection coverage.
• Develop detection rules/solutions to cover found Gaps.
• Monitor threat intelligence sources for new use cases.
• Work with SOC analysts to create and tune rules.
• Work with the State Threat Hunter to identify and remediate detection coverage gaps.
• Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
• Coordinate with engineering, SOC, and agency staff as needed to meet goals.
• Other duties as needed.

Key Skills:

• Proven experience with detection tuning/development.
• Experience with dashboard creation and reporting.
• Experience with the Palo Alto Cortex XSIAM platform.
• Deep understanding of Windows/Linux artifacts.
• Excellent communication and customer service skills for agency facing engagement.
• Experience in working in multi-tenancy environment.
• Experience in multi-agency or enterprise service projects.
• Bachelor's Degree In An Information Technology Or Information Security Related Field.
• Eight Years Of Relevant Work Experience May Be Substituted In Lieu Of Education.
• Five Years Of Experience In Supporting Large IT Environments and/or System Deployments.
• 5+ years of Strong scripting and automation skills (Python, Bash, PowerShell, or similar).
• Understanding of Sigma, YARA, and other industry standard detection languages.
• Familiarity with MITRE Telecommunication&CK framework.
• CISSP, CISA, CISO or equivalent advanced security certification.
• Vendor Certifications In Detection Engineering.
• Additional relevant certifications (e.g., CEH, OSCP, GPEN).

Salary (Rate): £86 hourly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT