Blackpoint CyberRemote
SIEM Detection Engineer
United States
Full Time
1 hour ago
$115,000 - $125,000 USD
No H1B
Key skills
ElasticSearchAnalyticsElasticsearchKibanaCommunicationNetwork SecurityFirewall
About this role
Role Overview
- Focus on building and tuning high-fidelity detections using SIEM data sources.
- Work closely with SOC analysts, threat hunters, and platform teams to create detection content.
- Improve data quality and reduce alert fatigue.
- Create, test, and maintain detection logic and rules for new and emerging threats using SIEM telemetry.
- Tune alerts to reduce false positives and ensure detection rules have minimal gaps.
- Build and refine detections using diverse log sources and integrations.
- Collaborate with SOC analysts to identify common patterns and trends across customer environments.
- Assist in designing dashboards/visualizations to track threat trends.
- Partner with ingestion/platform teams to troubleshoot parsing, normalization, indexing, and data availability issues.
- Build or maintain test environments and validation workflows.
Requirements
- Five (5+) years of experience in an information security role.
- Experience working in a SOC, Threat Hunting, or DFIR is preferred.
- Two (2+) years of experience with system tuning and/or engineering (SIEM, EDR, logging pipelines, or analytics platforms).
- Strong experience writing SIEM detections and queries (e.g., Elasticsearch/Kibana or similar).
- Familiarity with common network security and firewall logs and the ability to interpret and detect threats from them (e.g., FortiGate, SonicWall, and other vendor integrations).
- Familiarity with schemas such as OCSF.
- Working knowledge of Windows threat indicators and common attacker behaviors (process execution, persistence, lateral movement, credential access, C2 patterns).
- Knowledge of attacker tools, including legitimate software abused for malicious purposes.
- Familiarity with parent/child process relationships, command-line arguments, and how they are used to identify suspicious activity.
- Ability to troubleshoot and debug data ingestion issues, including parsing problems, missing fields, and normalization gaps.
- Excellent communication skills to summarize findings and present detection rationale, coverage, and trends.
- Ability to work independently with strong problem-solving skills.
Tech Stack
- ElasticSearch
Benefits
- Health, Vision, Dental, and Life Insurance plans
- Robust 401k plan
- Discretionary Time Off
- Other minor perks