
SIEM Detection Engineer

Job Overview

Location

Remote

Job Type

Full-time

Category

Cybersecurity

Date Posted

February 16, 2026

Full Job Description

📋 Description

  • Blackpoint Cyber is at the forefront of cybersecurity, providing world-class threat hunting, detection, and remediation technology. Founded by former NSA cyber operations experts, we bring national security-grade solutions to commercial clients globally. Currently experiencing hyper-growth, fueled by a significant $190M Series C funding round, we are seeking a talented SIEM Detection Engineer to join our dynamic team.
  • In this critical role, you will be instrumental in developing and refining high-fidelity detection logic and rules within our Security Information and Event Management (SIEM) system. Your primary focus will be on ensuring robust threat coverage across a diverse range of partner environments by leveraging various SIEM data sources.
  • You will collaborate closely with our Security Operations Center (SOC) analysts, threat hunters, and platform engineering teams. This collaboration is key to creating effective detection content, enhancing the quality of ingested data, and significantly reducing alert fatigue for our analysts, thereby improving the overall efficiency and effectiveness of our 24x7 SOC operations.
  • A significant part of your responsibility will involve the creation, rigorous testing, and ongoing maintenance of detection logic and rules. This includes developing content for new and emerging threats, ensuring our defenses are always up-to-date with the latest attacker tactics, techniques, and procedures (TTPs).
  • You will be tasked with meticulously tuning alerts to minimize false positives and eliminate detection gaps. This fine-tuning process is essential for maximizing the accuracy and efficiency of our SOC, ensuring that analysts can focus on genuine threats.
  • Building and refining detections will involve working with a wide array of log sources and integrations. This includes, but is not limited to, firewall and network security telemetry from platforms like FortiGate, SonicWall, and similar vendors, as well as endpoint, identity, cloud, and DNS data where available.
  • Close partnership with SOC analysts will be crucial for identifying common patterns and trends observed across our extensive customer base. These insights will be directly translated into durable and effective detection content.
  • You will also contribute to the design and development of insightful dashboard visualizations. These dashboards will be used to track evolving threat trends, monitor the performance of our detection rules, and highlight customer-specific patterns, providing valuable operational intelligence.
  • A key aspect of the role involves partnering with our ingestion platform teams to proactively troubleshoot and resolve issues related to data parsing, normalization, indexing, and availability. Ensuring data quality is paramount for effective detection engineering.
  • You will be responsible for building and maintaining dedicated test environments and robust validation workflows. These environments will allow for the safe and effective verification of new detection rules against real-world attacker TTPs before deployment.
  • Support for incident response efforts is also a component of this role. You will review activity that has been mitigated by the SOC and leverage these findings to write new detections based on observed attacker tradecraft.
  • Furthermore, you will contribute to the enhancement of our detection capabilities through light automation and enrichment. This includes scripting, workflow improvements, and adding context to alerts to reduce investigation times and empower analyst decision-making.
  • This role offers a unique opportunity to work with cutting-edge technology and contribute directly to the security posture of numerous organizations, making a tangible impact in the fight against cyber threats. You will be part of a rapidly growing company with a strong mission and a culture of innovation.

Skills & Technologies

Python
Elasticsearch
Linux
Remote

About Blackpoint Cyber, Inc.

Blackpoint Cyber provides managed detection and response (MDR) and network security services to small and midsize businesses and managed service providers. The company combines a proprietary cloud-native security platform with 24/7 analyst-led monitoring to identify, contain, and remediate threats in real time. Core offerings include endpoint detection and response, network traffic analysis, lateral movement detection, and incident response. Founded in 2014 by former U.S. government cyber operators, Blackpoint focuses on reducing dwell time, minimizing business disruption, and delivering actionable threat intelligence to organizations lacking in-house security teams.
