Security Architect (Detection Engineer)

Basic Qualifications:

o    Bachelor’s Degree in an Information Technology or Information Security related field; 8+ years of relevant work experience in security architecture may be substituted in lieu of education

o    5+ years of experience with scripting automation (Python, Bash, PowerShell, or similar)

o    5+ years of experience in supporting large IT environments and/or system deployments

o    Experience with Sigma, Yara, and other industry standard detection languages

o    Experience with MITRE ATT & CK Framework

Preferred Skills:
o    CISSP, CISA, CISO or equivalent advanced security certifications (CEH, OSCP. GPEN)

o    Vendor certifications in detection engineering

o    Experience with the Palo Alto Cortex XSIAM platform

o    Deep understanding of Windows/Linux artifacts

o    Resource is local to Columbia, South Carolina or a surrounding city in South Carolina

Responsibilities will include:

o     Review and tune current detection rules within the State SIEM.

o    Perform Gap analysis of the current detection coverage.

o    Develop detection rules/solutions to cover found Gaps.

o    Monitor threat intelligence sources for new use cases.

o    Work with State SOC analysts to create and tune rules.

o    Work with the State Threat Hunter to identify and remediate detection coverage gaps.

o    Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.

o     Coordinate with engineering, SOC, and agency staff as needed to meet goals.

o    Other duties as needed.