[Remote] SIEM Detection Engineer

Note: The job is a remote job and is open to candidates in USA. Blackpoint Cyber is the leading provider of world-class cybersecurity threat hunting, detection and remediation technology. As a SIEM Detection Engineer, you will focus on building and tuning high-fidelity detections using SIEM data sources while collaborating closely with SOC analysts and threat hunters to enhance detection capabilities and reduce alert fatigue.

Responsibilities

• Create, test, and maintain detection logic and rules for new and emerging threats using SIEM telemetry
• Tune alerts to reduce false positives and ensure detection rules have minimal gaps, maximizing the efficiency and accuracy of our 24x7 SOC
• Build and refine detections using diverse log sources and integrations, including firewall and network security telemetry (e.g., FortiGate, SonicWall, and similar platforms), plus endpoint, identity, cloud, and DNS data where available
• Collaborate with SOC analysts to identify common patterns and trends across customer environments and translate them into durable detection content
• Assist in designing dashboards/visualizations to track threat trends, detection performance, and customer-specific patterns
• Partner with ingestion/platform teams to troubleshoot parsing, normalization, indexing, and data availability issues impacting detection quality
• Build or maintain test environments and validation workflows to safely verify detections against real-world attacker TTPs
• Support incident response efforts by reviewing activity mitigated by the SOC and writing detections based on observed tradecraft
• Contribute to enrichment and automation improvements (light scripting, workflow enhancements, alert context) to reduce investigation time and improve analyst decision-making Skills
• Five (5+) years of experience in an information security role. Progressive relevant training and/or certification may be substituted for one (1) year of the experience requirement
• Strong experience writing SIEM detections and queries (e.g., Elasticsearch/Kibana or similar)
• Familiarity with common network security and firewall logs and the ability to interpret and detect threats from them (e.g., FortiGate, SonicWall, and other vendor integrations)
• Familiarity with schemas such as OCSF
• Working knowledge of Windows threat indicators and common attacker behaviors (process execution, persistence, lateral movement, credential access, C2 patterns)
• Knowledge of attacker tools, including legitimate software abused for malicious purposes
• Familiarity with parent/child process relationships, command-line arguments, and how they are used to identify suspicious activity
• Ability to troubleshoot and debug data ingestion issues, including parsing problems, missing fields, and normalization gaps
• Excellent communication skills to summarize findings and present detection rationale, coverage, and trends
• Ability to work independently with strong problem-solving skills
• Experience working in a SOC, Threat Hunting, or DFIR is preferred
• Two (2+) years of experience with system tuning and/or engineering (SIEM, EDR, logging pipelines, or analytics platforms)
• Experience with log onboarding and integrations (syslog, agents, API-based collection) across common MSP stacks
• Basic scripting/automation experience (Python and/or PowerShell) to support enrichment, detection testing, or workflow improvements
• Experience creating Sigma and/or YARA rules and validating against adversary TTPs
• Proficiency using Power BI or building Kibana dashboards for detection and trend visualization
• Network/System Administration experience
• CRTO, eCPTX, or other relevant certifications
• Deep forensic knowledge of Windows, macOS and/or Linux
• Malware analysis experience (behavioral and/or static analysis)

Benefits

• Health, Vision, Dental, and Life Insurance plans
• Robust 401k plan
• Discretionary Time Off
• Other minor perks Company Overview
• Blackpoint Cyber is a provider of cybersecurity threat hunting, detection, and response technology. It was founded in 2014, and is headquartered in Ellicott City, Maryland, USA, with a workforce of 51-200 employees. Its website is Company H1B Sponsorship
• Blackpoint Cyber has a track record of offering H1B sponsorships, with 1 in 2025, 2 in 2024. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job

Apply tot his job Apply To this Job