Python BASH PowerShell Architect

• Review and tune current detection rules within the State SIEM.

• Perform Gap analysis of the current detection coverage.

• Develop detection rules/solutions to cover found Gaps.

• monitor threat intelligence sources for new use cases.

• Work with State SOC analysts to create and tune rules.

• Work with the State Threat Hunter to identify and remediate detection coverage gaps.

• Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.

• Coordinate with engineering, SOC, and agency staff as needed to meet goals.

• Other duties as needed.

• Proven experience with detection tuning/development..

• Experience with dashboard creation and reporting.

Preferred Skills (rank in order of Importance):

• Experience with the Palo Alto Cortex XSIAM platform.

• Deep understanding of Windows/Linux artifacts.

• Excellent communication and customer service skills for agency-

facing engagement.

• Experience in working in multi-tenancy environment

• Experience in multi-agency or enterprise service projects.

Required Education/Certifications:

• BACHELORS DEGREE IN AN

INFORMATION TECHNOLOGY OR

INFORMATION SECURITY RELATED

FIELD

• EIGHT YEARS OF RELEVANT WORK

EXPERIENCE MAY BE SUBSTITUTED IN

LIEU OF EDUCATION

• FIVE YEARS OF EXPERIENCE IN

SUPPORTING LARGE IT

ENVIRONMENTS AND/OR SYSTEM

DEPLOYMENTS

• 5+ years of Strong scripting and

automation skills (Python, Bash,

PowerShell, or similar).

• Understanding of Sigma, YARA, and

other industry standard detection

languages.

• Familiarity with MITRE ATT&CK