$69.5 - $76.16
Outstanding long-term contract opportunity! A well-known Financial Services Company is looking for an Information Security Engineer in Charlotte, NC (Hybrid).
Work with the brightest minds at one of the largest financial institutions in the world. This is a long-term contract opportunity that includes a competitive benefit package! Our client has been around for over 150 years and is continuously innovating in today's digital age. If you want to work for a company that is not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.
Contract Duration: 18 Months
Required Skills & Experience
5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
5+ years in threat detection engineering, security operations, or incident response, with at least 3 years focused on writing and tuning detections.
Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommission).
Proven experience working in large or complex environments (multi-tenant, multi-cloud, or global enterprises).
Strong experience writing and tuning detections in:
SIEM: Splunk (SPL proficiency required; advanced search, macros, data models, scheduled searches, alerting).
EDR/XDR: CrowdStrike (Falcon platform; custom IOA rules, detection tuning, exclusion logic).
Microsoft Security:
Microsoft Defender for Endpoint / Defender for Cloud Apps.
Kusto Query Language (KQL) for Microsoft Sentinel and M365 Defender.
Cloud Platforms:
Azure (log analytics, activity logs, Azure AD, Defender for Cloud).
GCP (Cloud Logging, Security Command Center, IAM, network telemetry).
Ability to translate attacker techniques (TTPs) into detection logic across multiple platforms.
Deep understanding of:
MITRE ATT&CK (enterprise matrix; TTP coverage, mapping detections to ATT&CK).
Common adversary tradecraft: phishing, ransomware, lateral movement, privilege escalation, exfiltration, cloud account compromise, identity misuse.
Ability to perform detection gap analysis based on recent threats (e.g., ransomware families, cloud-native attacks, identity-based attacks).
Familiarity with threat intel sources and how to operationalize them into detection content.
Demonstrated experience:
Measuring and improving detection fidelity (precision/recall, false positive/negative analysis).
Designing and executing test plans for detections (simulations, red team findings, adversary emulation tools).
Using test frameworks (e.g., Atomic Red Team, Caldera, commercial breach & attack simulation) to validate detection coverage.
Experience building and maintaining:
"Top talker" detection dashboards and metrics.
Feedback loops with SOC analysts to continuously refine detection logic.
Runbooks or playbooks tied to specific detections.
Data Engineering & Telemetry Understanding
Strong grasp of logging and telemetry:
Windows event logs, Sysmon, Linux logs.
Network telemetry (NetFlow, firewall logs, proxy/DNS).
Identity and access logs (Azure AD, Okta, on-prem AD).
Cloud-native logs (Azure, GCP, AWS if applicable).
Assess log quality and coverage (what's being collected, from where, and how often).
Specify data requirements for new or improved detections.
Work with platform or infra teams to onboard or normalize new log sources.
Engineering & Automation Mindset
Proficiency in one or more scripting/programming languages (Python, PowerShell, or similar) for:
Detection content automation (mass updates, testing, reporting).
Building small tools to support detection analysis or enrichment.
Experience with version control and SDLC-like processes for detection content:
Git (branching, pull requests, code review).
Change management, testing, and staged rollout of new rules.
Desired Skills & Experience
Familiarity with infrastructure-as-code / configuration-as-code for security tooling.
What You Will Be Doing
Consult on complex initiatives with broad impact and large-scale planning for Information Security Engineering.
Review and analyze complex, multi-faceted, larger-scale or longer-term Information Security Engineering challenges that require in-depth evaluation of multiple factors, including intangibles or unprecedented factors.
Contribute to the resolution of complex and multi-faceted situations requiring a solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables.
Strategically collaborate and consult with client personnel.