Outstanding long-term contract opportunity! A well-known Financial Services Company is looking for an Information Security Engineer in Charlotte, NC (Hybrid).
Work with the brightest minds at one of the largest financial institutions in the world. This is a long-term contract opportunity that includes a competitive benefit package! Our client has been around for over 150 years and is continuously innovating in today's digital age. If you want to work for a company that is not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.
Contract Duration: 18 Months
Required Skills & Experience

- 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
- 5+ years in threat detection engineering, security operations, or incident response, with at least 3 years focused on writing and tuning detections.
- Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommission).
- Proven experience working in large or complex environments (multi-tenant, multi-cloud, or global enterprises).
- Strong experience writing and tuning detections in:
  - **SIEM**: Splunk (SPL proficiency required; advanced search, macros, data models, scheduled searches, alerting).
  - **EDR/XDR**: CrowdStrike (Falcon platform; custom IOA rules, detection tuning, exclusion logic).
  - **Microsoft Security**:
    - Microsoft Defender for Endpoint / Defender for Cloud Apps.
    - Kusto Query Language (KQL) for Microsoft Sentinel and M365 Defender.
  - **Cloud Platforms**:
    - Azure (Log Analytics, activity logs, Azure AD, Defender for Cloud).
    - Google Cloud Platform (Cloud Logging, Security Command Center, IAM, network telemetry).
- Ability to translate attacker techniques (TTPs) into detection logic across multiple platforms.
- Deep understanding of:
  - MITRE ATT&CK (enterprise matrix; TTP coverage, mapping detections to ATT&CK).
  - Common adversary tradecraft: phishing, ransomware, lateral movement, privilege escalation, exfiltration, cloud account compromise, identity misuse.
- Ability to perform detection gap analysis based on recent threats (e.g., ransomware families, cloud-native attacks, identity-based attacks).
- Familiarity with threat intel sources and how to operationalize them into detection content.
- Demonstrated experience:
  - Measuring and improving detection fidelity (precision/recall, false positive/negative analysis).
  - Designing and executing test plans for detections (simulations, red team findings, adversary emulation tools).
  - Using test frameworks (e.g., Atomic Red Team, Caldera, commercial breach & attack simulation) to validate detection coverage.
- Experience building and maintaining:
  - "Top talker" detection dashboards and metrics.
  - Feedback loops with SOC analysts to continuously refine detection logic.
  - Runbooks or playbooks tied to specific detections.
- **Data Engineering & Telemetry Understanding**:
  - Strong grasp of logging and telemetry:
    - Windows event logs, Sysmon, Linux logs.
    - Network telemetry (NetFlow, firewall logs, proxy/DNS).
    - Identity and access logs (Azure AD, Okta, on-prem AD).
    - Cloud-native logs (Azure, Google Cloud Platform, AWS if applicable).
  - Assess log quality and coverage (what's being collected, from where, and how often).
  - Specify data requirements for new or improved detections.
  - Work with platform or infra teams to onboard or normalize new log sources.
- **Engineering & Automation Mindset**:
  - Proficiency in one or more scripting/programming languages (Python, PowerShell, or similar) for:
    - Detection content automation (mass updates, testing, reporting).
    - Building small tools to support detection analysis or enrichment.
  - Experience with version control and SDLC-like processes for detection content:
    - Git (branching, pull requests, code review).
    - Change management, testing, and staged rollout of new rules.
Desired Skills & Experience

- Familiarity with infrastructure-as-code / configuration-as-code for security tooling.
What You Will Be Doing

- Consult on complex initiatives with broad impact and large-scale planning for Information Security Engineering.
- Review and analyze complex, multi-faceted, larger-scale, or longer-term Information Security Engineering challenges that require in-depth evaluation of multiple factors, including intangibles or unprecedented factors.
- Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables.
- Strategically collaborate and consult with client personnel.