Southern Company
Sr. IT Cyber Security Detection Engineer
Southern Company, Atlanta, Georgia, United States, 30383
Job Description
Sr. IT Cyber Security Detection Engineer
JOB SUMMARY
This position will support our Security Operations Center (SOC) by engineering new threat detections, so our SOC analysts can monitor and respond to cyber security activity across Southern Company's IT and OT networks.
As a Senior Detection Engineer, you will be responsible for developing and continuously improving detection capabilities across OT and IT networks. You'll plan the logical deployment locations for detections across devices and SIEMs, building detection signatures on premises and in cloud environments.
You'll serve as an expert-level SME on the Detection Engineering & Automation team, capable of quickly acclimating to new signature languages and APIs. You'll coordinate with device owners to leverage device detections efficiently, while enriching existing detections and fortifying our environment based on the MITRE ATT&CK framework.
JOB REQUIREMENTS
A formal education in Computer Science or a related field, or equivalent experience in IT Security related roles, is required for this position.
Minimum 2 years working in or supporting a Security Operations Center (SOC) required
Minimum 2 years creating SOC detection use cases required
Knowledge of multiple query languages (SPL, KQL, SQL, XQL, LQL) required
Minimum 3 years of applied knowledge developing alerts in Microsoft Azure Sentinel cloud SIEM or Splunk Enterprise Security required
Minimum 2 years supporting IT infrastructure or Information Security devices/technologies required
2 years' experience implementing the MITRE ATT&CK framework or the Lockheed Martin Cyber Kill Chain required
Intrusion Detection, Ethical Hacking, and Monitoring certifications a plus (GCIA, CEH, GMON, OSCP, etc.)
Expert knowledge supporting Security Information and Event Management platforms such as Splunk and the Splunk Enterprise Security App
Expert-level experience developing and managing content within an Enterprise Security Manager application, including dashboards, risk-based alerting, active channels, reports, correlation rules, filters, trends, network models, etc.
Advanced knowledge of networking protocols and addressing schemes, i.e., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.
Comprehensive working knowledge of Linux, Unix, and Windows OS
Scripting skills such as Perl, Python, and/or shell scripting are a plus
Database skills with MySQL, SQL, Oracle are preferred
Experience working with regular expressions is a plus
Excellent problem-solving and analytical skills; ability to solve complex technical issues
Strong customer service skills
Exhibit initiative, follow-up, and follow-through with commitments
Ability to support and work in a team environment
Strong technical writing skills
Ability to manage multiple tasks and priorities in a high-pressure environment
Intermediate understanding of IT Security and the ability to apply risk management principles in all aspects of IT Security
Working knowledge of Southern Company infrastructure is a plus
MAJOR JOB RESPONSIBILITIES:
Be a key contributing member of the use case detection strategy and lifecycle for the team
Utilize broad knowledge of security operations, intrusion detection, and security logging to integrate detection use cases into the environment
Perform tuning and root cause analysis to increase the efficacy of existing use cases and reduce false positives
Participate in stakeholder meetings to devise use case detections for their teams
Provide feedback and code review of detections created by team members
About Us
Southern Company (NYSE: SO) is a leading energy provider serving 9 million residential and commercial customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy infrastructure company with national capabilities, a fiber optics network, and telecommunications services. Through an industry-leading commitment to innovation, resilience, and sustainability, we are taking action to meet our customers' and communities' needs while advancing our commitment to net zero emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture and hiring practices have earned the company national awards and recognition from numerous organizations, including Forbes, Military Times, DiversityInc, Black Enterprise, J.D. Power, Fortune, Human Rights Campaign and more. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
About the Team
Southern Company Services