Job Description
· Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection
content.
· Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive
reduction.
· Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
· Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
· Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log
pipelines (CRIBL, Gravwell, Google SecOps).
· Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and
automated enrichment workflows.
· Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide
monitoring.
· Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support
statewide monitoring expansion and rapid incident handling.
· Support SOC operations by providing detection engineering, log onboarding, and data normalization.
· Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
· Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
· Produce engineering reports, tuning documentation, and platform health assessments.
· Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
· Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower,
TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps
MUST HAVE
5 Required SOC operations experience
5 Required Hands‑on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning,
false‑positive reduction, and threat‑driven detection improvements.
5 Required Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies,
malicious traffic, and lateral movement.
5 Required Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry
into SIEM and orchestration workflows.
5 Required Threat intelligence application expertise
5 Required Develop detection logic aligned with adversary TTPs
PREFERRED
6 Preferred Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise,
Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
5 Preferred Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise,
Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
5 Preferred Perform packet-level analysis to validate alerts and identify malicious activity
5 Preferred Serves as an escalation SOC analysts to support other SOC analyst and incident responders with enriched network-level
intelligence
5 Preferred Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM,
IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation
4 Preferred Security Certifications Preferred (CISSP, CEH, GISF, GSEC, CySA+, Sec+)
Pay: $30.00 - $32.00 per hour
Benefits:
- 401(k) matching
- Dental insurance
- Health insurance
- Life insurance
Work Location: In person