The Technical Consultant in Threat Detection Content & Administration is responsible for managing and maintaining security technology infrastructure, including SIEM, SOAR, EDR, AV, and Cloud security controls. This role involves developing use cases, rules, tuning and optimization reports, run books, and deploying them to the client environment. The consultant ensures that infrastructures are patched, upgraded, and functioning efficiently. Their expertise lies in analyzing and translating system and network activity, indicators of compromise, and attacker tactics to identify malicious activity. The consultant applies the MITRE ATT&CK framework to classify attacks, identify attack attribution, and assess risk, and is proficient in using the NIST Cybersecurity framework to evaluate the risk of threats. The specialist in this role has expertise in Security Incident & Event Management (SIEM), Endpoint Detection and Response technology, anti-malware, anti-spam, network security technologies, and general user and network activity logging policies. The consultant's deliverables include use cases, rules, run books, and security policy recommendations.

 

High School Diploma or equivalent required; Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field preferred.

2-4 years of experience in a cybersecurity role.

1-2 years of experience working with OT/SCADA environments is highly desirable.

Relevant certifications (e.g., Network+, Security+, CySA+) are a plus.

Foundational understanding of industrial protocols such as DNP3, Modbus, and IEC 104.

Experience with security technologies including SIEM, SOAR, and IIDS platforms

Strong analytical skills, attention to detail, and the ability to communicate complex technical information clearly (written and verbal) to both technical and non-technical audiences

 

Ability to work effectively in a 24/7 shift-based SOC envir. including covering for teammates