Cyber Defense Senior Content Engineer
Posted on: February 15, 2021
The Cyber Defense Senior Content Engineer is a senior individual
contributor responsible for developing, maintaining,
troubleshooting, tuning and documenting security tool content/rules
used for detecting cyber-attacks, intrusions, and data loss
The individual will possess a deep understanding of security use
cases and the ability to apply them to event data in support of the
Security Operations Center's (SOC) monitoring and response
The Senior Content Engineer will work across multiple technology
platforms and interface with other groups at the bank within
Corporate Security & Resilience, Technology Services, and the
Primary Responsibilities Include
- Developing content for SIEM and other SOC tools to implement
use cases and transform them into correlation queries, templates,
rules, and alerts across multiple cloud environments and
- Creating technical documentation for the content deployed.
- Monitoring the health and performance of the security tools
after deploying and tuning content.
- Integrating cyber threat intelligence into defensive
- Developing reports, dashboards, workflows and metrics to meet
the requirements of stakeholders.
- Collaborating on SIEM functional requirements such as logging,
event collection, normalization, correlation, reporting and
- Supporting the Security Engineering team with SOC related
technical issues and incidents.
- Supporting content creation and tuning efforts 24x7 as needed.
- Excellent understanding of Cybersecurity Operations and
Incident Response processes.
- Knowledge of Security Information and Event Management (SIEM)
technologies (Splunk, QRadar, etc.)
- Advanced knowledge of content creation/tuning concepts and best
- Experience working with cloud computing platforms such as
Amazon Web Services, Azure, and Office365.
- Solid understanding of events, related fields in log records,
and alerts reported by various data sources such as Windows/Unix
systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web
- Solid understanding of various operating systems (Windows, Unix,
Linux, AIX, etc.).
- Strong ability to develop regular expressions.
- Ability to automate tasks using a preferred language (e.g.
- Excellent oral and written communications skills.
- Strong analytical skills.
- Self-motivation with the ability to work under minimal
- 5 years of proven hands-on experience in SIEM concepts such as
correlation, aggregation, normalization, and parsing, preferably
- Experience with SOC technologies such as IDS/IPS, UTM
firewalls, EDR, anti-virus, network-based threat detection, and
- Strong understanding of enterprise logging standards.
- Strong understanding of security tools related to Data Loss
Prevention and Privileged User Monitoring.
- Understanding of cyber kill chains and campaign
- Ability to interact with common APIs.
- Proven successful working relationships with teams outside of
Education, Certifications And/or Other Professional Credentials
- Bachelor's Degree (Security / IT Related) or equivalent
combination of experience
- A combination of relevant industry certifications including,
but not limited to CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA,
Hours and Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday 8:30AM - 5:00PM
This position is not available in Colorado
Why Work for Us
At Citizens, you'll find a customer-centric culture built around
helping our customers and giving back to our local communities.
When you join our team, you are part of a supportive and
collaborative workforce, with access to training and tools to
accelerate your potential and maximize your career growth.
Equal Employment Opportunity
It is the policy of Citizens to provide equal employment and
advancement opportunities to all colleagues and applicants for
employment without regard to race, color, ethnicity, religion,
gender, pregnancy/childbirth, colleague or a dependent's
reproductive health decision making, age, national origin, sexual
orientation, gender identity or expression, disability or perceived
disability, genetic information, genetic characteristic,
citizenship, veteran or military status, marital or domestic
partner status, family status/parenthood, victim of domestic
violence, or any other category protected by federal, state and/or
Equal Employment and Opportunity Employer/Disabled/Veteran
Citizens is a brand name of Citizens Bank, N.A. and each of its