Southern Company, posted about 1 year ago
Full-time • Mid Level
Atlanta, GA
5,001-10,000 employees
Utilities

The Senior IT Cyber Security Detection Engineer will support the Security Operations Center (SOC) by engineering new threat detections, enabling SOC analysts to monitor and respond to cybersecurity activity across Southern Company's IT and OT networks. This role involves developing and continuously improving detection capabilities, deciding where detections should be deployed, and building detection signatures in both on-premises and cloud environments. The engineer will serve as a subject matter expert on the Detection Engineering & Automation team, coordinating with device owners and enhancing existing detections based on the MITRE ATT&CK framework.

  • Be a key contributing member of the use case detection strategy and lifecycle for the team
  • Utilize broad knowledge of security operations, intrusion detection, and security logging to integrate detection use cases into the environment
  • Perform tuning and root cause analysis to increase efficacy of existing use cases and reduce false positives
  • Participate in stakeholder meetings to devise use case detections for their teams
  • Provide feedback and code review of detections created by team members

  • Formal education in Computer Science or a related field, or equivalent experience in IT Security related roles
  • Minimum 2 years working or supporting a Security Operations Center (SOC)
  • Minimum 2 years creating SOC detection use cases
  • Knowledge of multiple query languages, such as SPL, KQL, SQL, XQL, and LQL
  • Minimum 3 years of applied knowledge developing alerts in Microsoft Azure Sentinel Cloud SIEM or Splunk Enterprise Security Applications
  • Minimum 2 years supporting IT infrastructure or Information Security devices/technologies
  • 2 years' experience implementing the MITRE ATT&CK framework or the Lockheed Martin Cyber Kill Chain
  • Expert knowledge supporting Security Information and Event Management platforms such as Splunk and Splunk Enterprise Security App
  • Expert level experience developing & managing content within an Enterprise Security Manager application
  • Advanced knowledge of networking protocols and addressing schemes
  • Comprehensive working knowledge of Linux, Unix, and Windows OS
  • Excellent problem-solving and analytical skills; ability to solve complex technical issues
  • Strong customer service skills
  • Ability to manage multiple tasks and priorities in a high-pressure environment
  • Intrusion Detection, Ethical Hacking, and Monitoring certifications (GCIA, CEH, GMON, OSCP, etc.)
  • Scripting skills such as Perl, Python, and/or Shell scripting
  • Database skills with MySQL, SQL, Oracle
  • Experience working with regular expressions
  • Intermediate understanding of IT Security and the ability to apply risk management principles in all aspects of IT Security
  • Working knowledge of Southern Company infrastructure

  • Competitive base salary
  • Annual incentive awards for eligible employees
  • Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
  • Potential eligibility for additional compensation, such as an incentive program