Blackpoint Cyber

SIEM Detection Engineer

full-time

Location Type: Remote

Location: United States


Salary

💰 $115,000 - $125,000 per year

About the role

  • Focus on building and tuning high-fidelity detections using SIEM data sources.
  • Work closely with SOC analysts, threat hunters, and platform teams to create detection content.
  • Improve data quality and reduce alert fatigue.
  • Create, test, and maintain detection logic and rules for new and emerging threats using SIEM telemetry.
  • Tune alerts to reduce false positives and ensure detection rules have minimal gaps.
  • Build and refine detections using diverse log sources and integrations.
  • Collaborate with SOC analysts to identify common patterns and trends across customer environments.
  • Assist in designing dashboards/visualizations to track threat trends.
  • Partner with ingestion/platform teams to troubleshoot parsing, normalization, indexing, and data availability issues.
  • Build or maintain test environments and validation workflows.

Requirements

  • Five (5+) years of experience in an information security role.
  • Experience working in a SOC, Threat Hunting, or DFIR is preferred.
  • Two (2+) years of experience with system tuning and/or engineering (SIEM, EDR, logging pipelines, or analytics platforms).
  • Strong experience writing SIEM detections and queries (e.g., Elasticsearch/Kibana or similar).
  • Familiarity with common network security and firewall logs and the ability to interpret and detect threats from them (e.g., FortiGate, SonicWall, and other vendor integrations).
  • Familiarity with schemas such as OCSF.
  • Working knowledge of Windows threat indicators and common attacker behaviors (process execution, persistence, lateral movement, credential access, C2 patterns).
  • Knowledge of attacker tools, including legitimate software abused for malicious purposes.
  • Familiarity with parent/child process relationships, command-line arguments, and how they are used to identify suspicious activity.
  • Ability to troubleshoot and debug data ingestion issues, including parsing problems, missing fields, and normalization gaps.
  • Excellent communication skills to summarize findings and present detection rationale, coverage, and trends.
  • Ability to work independently with strong problem-solving skills.

Benefits
  • Health, Vision, Dental, and Life Insurance plans
  • Robust 401k plan
  • Discretionary Time Off
  • Other minor perks

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
SIEM, detection logic, detection rules, Elasticsearch, Kibana, system tuning, EDR, logging pipelines, analytics platforms, OCSF
Soft Skills
communication skills, problem-solving skills, collaboration, independence