Cyber Defense Content Engineer Technical Expert
Posted on: May 5, 2021
The Cyber Defense Content Engineer Technical Expert is a senior
individual contributor responsible for developing, maintaining,
troubleshooting, tuning, and documenting security tool
content/rules used for detecting cyber-attacks, intrusions, and
data loss incidents.
In this role you will possess an expert level understanding of
security use cases and the ability to apply them to event data in
support of the Security Operations Center's (SOC) monitoring and
response efforts and will work across multiple technology platforms
and interface with other groups at the bank within Corporate
Security and Resilience, Technology Services, and direct business
Primary responsibilities will include:
* Develop content for SIEM and other SOC tools to implement use
cases and transform them into correlation queries, templates,
rules, and alerts across multiple cloud environments and
* Create technical documentation for the content deployed.
* Monitor the health and performance of the security tools after
deploying and tuning content.
* Integrate cyber threat intelligence into defensive systems.
* Develop reports, dashboards, workflows, and metrics to meet the
requirements of stakeholders.
* Collaborate on SIEM functional requirements such as logging,
event collection, normalization, correlation, reporting, and
* Support the Security Engineering team with SOC related technical
issues and incidents.
* Mentor and train other members of the Content Engineering
* Support content creation and tuning efforts 24x7 as needed.
* Excellent understanding of Cybersecurity Operations and Incident
* Expert level knowledge of Security Information and Event
Management (SIEM) technologies (Splunk, QRadar, etc.)
* Expert level knowledge of content creation/tuning concepts and
* Experience working with cloud computing platforms such as Amazon
Web Services, Azure, and Office365.
* Deep understanding of events, related fields in log records, and
alerts reported by various data sources such as Windows/Unix
systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web
* Solid understanding of various operating systems (Windows, Unix,
Linux, AIX, etc.).
* Advanced ability to develop regular expressions.
* Advanced ability to automate tasks using a preferred language
* Excellent oral and written communications skills.
* Strong analytical skills.
* Self-motivation with the ability to work under minimal
* 7 years of proven hands-on experience in SIEM concepts such as
correlation, aggregation, normalization, and parsing, preferably
* Experience with SOC technologies such as IDS/IPS, UTM firewalls,
EDR, anti-virus, network-based threat detection, and netflow.
* Strong understanding of enterprise logging standards.
* Strong understanding of security tools related to Data Loss
Prevention and Privileged User Monitoring.
* Understanding of cyber kill chains and campaign strategies.
* Ability to interact with common APIs.
* Proven successful working relationships with teams outside of
Education, Certifications and/or Other Professional
* Bachelor's Degree (Security / IT Related) or equivalent
combination of experience
* A combination of relevant industry certifications including, but
not limited to CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA, etc.
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday
Why Work for Us
At Citizens, you'll find a customer-centric culture built around
helping our customers and giving back to our local communities. When
you join our team, you are part of a supportive and collaborative
workforce, with access to training and tools to accelerate your
potential and maximize your career growth.
Equal Employment Opportunity
It is the policy of Citizens to provide equal employment and
advancement opportunities to all colleagues and applicants for
employment without regard to race, color, ethnicity, religion,
gender, pregnancy/childbirth, colleague or a dependent's reproductive
health decision making, age, national origin, sexual orientation,
gender identity or expression, disability or perceived disability,
genetic information, genetic characteristic, citizenship, veteran or
military status, marital or domestic partner status, family
status/parenthood, victim of domestic violence, or any other category
protected by federal, state and/or local laws.
Equal Employment and Opportunity Employer/Disabled/Veteran
Citizens is a brand name of Citizens Bank, N.A. and each of its
respective affiliates.