Security Architect

Summary: The Security Architect role focuses on enhancing detection capabilities within the State's Security Information and Event Management (SIEM) system. The position requires collaboration with various teams to identify and remediate detection gaps, develop new detection rules, and document processes. Preference is given to candidates who can work onsite as needed, with remote work as a secondary option. The role demands a strong background in information technology or security, along with excellent communication skills.

Key Responsibilities:

• Review and tune current detection rules within the State SIEM.
• Perform gap analysis of the current detection coverage.
• Develop detection rules/solutions to cover found gaps.
• Monitor threat intelligence sources for new use cases.
• Work with State SOC analysts to create and tune rules.
• Work with the State Threat Hunter to identify and remediate detection coverage gaps.
• Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
• Coordinate with engineering, SOC, and agency staff as needed to meet goals.

Key Skills:

• Bachelor's degree in an Information Technology or Information Security related field.
• Experience in supporting large IT environments and/or system deployments.
• Strong scripting and automation skills (Python, Bash, PowerShell, or similar).
• Understanding of Sigma, YARA, and other industry standard detection languages.
• Familiarity with MITRE ATT&CK framework.
• Proven experience with detection tuning/development.
• Experience with dashboard creation and reporting.
• Excellent communication and customer service skills for agency-facing engagement.
• Experience in working in a multi-tenancy environment.
• Experience in multi-agency or enterprise service projects.

Salary (Rate): undetermined

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT