CTA Security Content Engineer
$145,600–$145,600 per year
On-site · New York City, New York, United States
Job Summary
The CTA Security Content Engineer proactively deploys security-driven content and fine-tunes detection rules. Responsibilities include developing correlation searches, dashboards, and alerts within the SIEM; building UEBA policies; mapping use cases to MITRE ATT&CK; integrating tools to improve alerting; creating well-documented code and process documentation; leveraging REST/GraphQL APIs; collaborating across CTA, SOC, CERT, and CTI to deliver high-fidelity detections and automated alerting workflows; and establishing content for SIEM and SOAR platforms while maintaining ongoing content development aligned with cyber threat intelligence and security strategy.
Required Qualifications
- Minimum 4 years of experience developing security rules, detections, and policies within Log Management platforms and NextGen SIEMs (including UEBA)
- Proficient in Python and/or GoLang
- Experience building security-driven content on infrastructures such as log management platforms (Elastic, Splunk or similar) and NextGen SIEMs (UEBA platforms like Exabeam, Securonix)
- Experience using NextGen SIEMs such as Splunk, Elastic to create rules and alerts
- Thorough knowledge of the MITRE ATT&CK framework and mapping security rules to it
- Experience building correlation rules and alerts on log management platforms
- Experience building policies and rules on email and network platforms
- Proficient in git version control and development lifecycle
- Excellent verbal and written communication skills
- Desirable: Bachelor’s degree, Agile basics, malware analysis basics, end-to-end rule lifecycle