Local Security Engineer

United States, Remote
// Job Type
Full Time
// Salary
Not disclosed
// Posted
2 weeks ago
// Work Mode
remote

About the Role

Job ID: SC-10793 (912590429)

Remote/Local Security Engineer/Architect (CISSP/CISA/CISO/SECURITY/CEH/OSCP/GPEN) with SIEM, Detection coverage gap remediation, Threat Intelligence, Python/Bash/PowerShell, Sigma/Yara, Tuning, PALO ALTO CORTEX XSIAM, Windows/Linux, MITRE ATT&CK experience

Location: Columbia, SC (ADMIN)
Duration: 12 Months
Work Location: Fully Remote
Candidate Location: No SC residency required. Open to nationwide candidates.
Interview Process: 1 round, Virtual/Online – potential for a 2nd round onsite as needed

REQUIRED EDUCATION/CERTIFICATIONS:
• BACHELOR’S DEGREE IN AN INFORMATION TECHNOLOGY OR INFORMATION SECURITY RELATED FIELD
• EIGHT YEARS OF RELEVANT WORK EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
• FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS
• 5+ YEARS OF STRONG SCRIPTING AND AUTOMATION SKILLS (PYTHON, BASH, POWERSHELL, OR SIMILAR).
• UNDERSTANDING OF SIGMA, YARA, AND OTHER INDUSTRY STANDARD DETECTION LANGUAGES.
• FAMILIARITY WITH MITRE ATT&CK FRAMEWORK

PREFERRED EDUCATION/CERTIFICATIONS:
• CISSP, CISA, CISO OR EQUIVALENT ADVANCED SECURITY CERTIFICATION.
• ADDITIONAL RELEVANT CERTIFICATIONS (E.G., CEH, OSCP, GPEN).
• VENDOR CERTIFICATIONS IN DETECTION ENGINEERING.
• Resource is local to Columbia, South Carolina or a surrounding city in South Carolina

ADDITIONAL SKILLS AND DUTIES:
• PROVEN EXPERIENCE WITH DETECTION TUNING/DEVELOPMENT.
• EXPERIENCE WITH DASHBOARD CREATION AND REPORTING.
• EXCELLENT COMMUNICATION AND CUSTOMER SERVICE SKILLS FOR AGENCY-FACING ENGAGEMENT.
• EXPERIENCE IN WORKING IN MULTI-TENANCY ENVIRONMENT
• EXPERIENCE IN MULTI-AGENCY OR ENTERPRISE SERVICE PROJECTS.

PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
• EXPERIENCE WITH THE PALO ALTO CORTEX XSIAM PLATFORM.
• DEEP UNDERSTANDING OF WINDOWS/LINUX ARTIFACTS.

DAILY DUTIES / RESPONSIBILITIES:
PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).
• REVIEW AND TUNE CURRENT DETECTION RULES WITHIN THE STATE SIEM.
• PERFORM GAP ANALYSIS OF THE CURRENT DETECTION COVERAGE.
• DEVELOP DETECTION RULES/SOLUTIONS TO COVER FOUND GAPS.
• MONITOR THREAT INTELLIGENCE SOURCES FOR NEW USE CASES.
• WORK WITH STATE SOC ANALYSTS TO CREATE AND TUNE RULES.
• WORK WITH THE STATE THREAT HUNTER TO IDENTIFY AND REMEDIATE DETECTION COVERAGE GAPS.
• DOCUMENT PROCESSES, RUNBOOKS, AND TROUBLESHOOTING STEPS RELATED TO THE SOAR AND INTEGRATIONS.
• COORDINATE WITH ENGINEERING, SOC, AND AGENCY STAFF AS NEEDED TO MEET GOALS.
• OTHER DUTIES AS NEEDED.

Use our AI to tailor your resume for this Local Security Engineer position at InnoSoul, Inc..