Staff Security Content Engineer at Avalara
Seattle, WA, US

The successful candidate for the Security Content Engineer role will develop security content using SIEM, Threat Intelligence and SOAR technologies while adhering to security content lifecycle processes and procedures impacting Avalara’s products, services, and enterprise infrastructure. You will work with world class staff and tools to identify, monitor, and address attacks and malware, while participating in a next-generation security organization. This senior position will guide others and drive security solutions relevant to security content and attack patterns.


You’ll be responsible for providing guidance and building real world mitigation steps to identified information risks. The successful candidate will be required to assess security flaws, determine mitigation strategies and drive fixes to resolution. You will apply your strong enterprise IT background by analyzing data from Avalara’s ecosystem of tools, systems, and architectures to assist in incident response, threat hunting, and data analysis. This role involves critical responsibilities within Incident Response procedures that must continue to be performed during crisis situations.


Job Duties

  • Develop new SIEM content (Securonix Snypr) including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize the importance of events of interest found in the operational environment
  • Document and develop tools to assist SOC and SIRT personnel in log collection and review
  • Alleviate time-consuming SOC analyst tasks and improve SOC processes through Security Orchestration, Automation and Response (SOAR)
  • Develop new SOAR runbooks within the SIEM, leveraging internal/external Threat Intelligence, proprietary data, and communication channels (Slack, email, SMS) while following and enforcing Avalara security policies
  • Maintain operational effectiveness of SIEM security content, accepting requests from Security Operations, Product Security, and Engineering to tune and implement content that meets emerging threats
  • Develop actionable information in the form of technical indicators, reports, lists, rules, signatures, or signals and warnings
  • Perform analysis on new indicators to detect prior compromise
  • Research and analyze malware, and develop detection algorithms
  • Collect and publish attack stories and contribute to security training and security champions program


Qualifications

  • 10+ years of experience as a security practitioner
  • Minimum 5-7 years of experience operating SIEM technologies, including developing custom content and integrations
  • Must have a deep technical capability in at least one of the following: Red team/blue team, Security Operations/Incident Response, Research/Threat Detection, Threat Hunting, Development, Malware analysis, DFIR
  • Experience incorporating Threat Intelligence into SIEM content
  • Experience with UEBA/behavioral analysis, Security Orchestration and Automation Platforms, and Incident Response
  • Knowledge of MITRE ATT&CK framework
  • Python, Perl, and Regular Expressions experience required
  • REST/SOAP API experience required
  • Working knowledge of REST, JSON, SOAP, ODBC, XML, CSV, other formats and the ability to leverage existing scripts, drivers, and SDKs
  • Excellent written, verbal, and presentation skills are essential
  • Must be able to work autonomously as well as in team environments, often in stressful, high-impact situations


Preferred Qualifications

  • Experience with Securonix is highly desired
  • Knowledge of security triage and incident handling workflow
  • Familiarity with effective visualizations and dashboarding fundamentals
  • CISSP, SANS technology certifications, and other security certifications are a plus