Senior System Cyber Analyst Detection Engineering & Automation

Overview

Responsibilities

• Design, implement, and continuously tune detection logic using detection-as-code principles.
• Create and maintain CI/CD pipelines that automate the linting, testing, validation, and deployment of cybersecurity detections.
• Manage detection and automation repositories with Git, ensuring they adhere to coding standards, documentation practices, and version control policies.
• Develop and maintain comprehensive orchestration and automation playbooks in Splunk SOAR.
• Build machine learning models for detecting anomalies and malicious activities.
• Monitor the health of logs and detection infrastructure.
• Drive closure of logging and visibility gaps.
• Administer and continuously improve our security case/workflow management tool.
• Design and perform threat hunts to identify malicious activity, misconfigurations, and visibility gaps.
• Help create and maintain detection content and dashboards.
• Perform adversary emulation in special test environments.
• Design, implement, and maintain automated workflows for threat intelligence and threat hunting.
• Serve as a Tier 3 escalation point for the Cybersecurity Operations Center (CSOC).
• Evaluate, recommend, and onboard new tools and processes to enhance capabilities.

Qualifications

• Master's Degree in Computer Science, Cybersecurity, or other related area and 2 years of relevant work experience.
• Bachelor's Degree in Computer Science, Cybersecurity, or other related area and 3 years of relevant work experience.
• Associate's Degree in Computer Science, Cybersecurity, or other related area and 4 years of relevant work experience.
• High School Diploma/GED and 5 years of relevant work experience.

• Experience in threat intelligence, threat hunting, detection engineering, or a related cybersecurity role, required.
• Strong programming experience with Python or a similar language, required.
• Strong knowledge of detection-as-code practices, required.
• Experience with creating and maintaining CI/CD pipelines, required.
• Proficiency with Git, required.
• Expert knowledge in Splunk Enterprise Security and Splunk SOAR, required.
• Strong proficiency in analyzing IOCs, TTPs, user activity logs, host logs, network logs, and PCAPs to identify malicious behavior, required.
• Experience with MITRE ATT&CK and threat hunting frameworks, methodologies, and approaches, preferred.
• Strong understanding of Incident Management and Incident Response frameworks, preferred.
• Experience using Microsoft Sentinel and KQL, preferred.
• Knowledge of digital forensics and investigation techniques, particularly on Windows and Linux, preferred.
• Knowledge on cloud security and cloud architecture best practices, preferred.
• OT/ICS Security knowledge, preferred.

• Possesses strong technical aptitude
• Excellent collaboration and team building skills
• Strong verbal communication and listening skills
• Demonstrated written communication skills
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

• Driver's License Required
• Other: Technical certifications (e.g. CISSP, CISM, CIPP, etc.) Preferred

• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• Must be able and willing to travel within Company service territory, as needed.
• Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required.