23 days old

Security Content Engineer

SageNet, LLC.
Reston, VA 20190
  • Job Code

SageNetis a leading managed services provider specializing in connectivity,cybersecurityand digital signage.Weconnect,manageand protect technologies and devices across widely distributed enterprises.Ourpeople,processesand technologies, coupled with its collaborative approach, empowers customers to achieve their core business objectives.

SageNetoffers world-class service and support viaourUS-based 24/7/365 Network Operations Centers (NOCs) and Security Operations Centers (SOCs),geographically-diverseteleports, a central National Logistics Center, multiple data centers, and a nationwide field service organization.

Job Overview:

The Security Content Engineer is a highly specialized senior individual with aspirations in threat intelligence, zero-day analysis, signature definition and policy creation. This individual will be responsible for the creation, curation, integration, and documentation of SageNet security intelligence content and correlation logic. The Content engineer will work with SageNets Security Engineering and Analysis teams to gather relevant detail and information around emerging threats in the security landscapes that apply to SageNets customer base and transform this information into actionable security alerts within SageNets various SIEM technology platforms. Additionally, this position will conduct analyst team trainings on emerging threats and internal technology from a threat intelligence perspective.

Job Responsibilities:

  • Research, document, and develop attack detections for a range of client environments and product data sources

  • Create investigative documentation for analyst and client consumption

  • Develop and implement investigative playbooks in SageNet SOAR Platform

  • Perform ongoing reviews of existing security content for accuracy, applicability, and potential upgrade

  • Provide quarterly new content reports specific to each client/client vertical

  • Create dashboards/reports for clients based on client and SageNet input


  • Ability to translate attacker techniques into high fidelity detection use cases

  • Deep understanding of MITRE ATT&CK framework

  • Python experience

  • Background in incident alert investigation and response preferred

  • Knowledge of threat signals created by various endpoint and network-based products

  • Understanding of SIEM data ingestion and normalization

Attention All Third Party Agencies, Headhunters, and Recruiters
SageNet will not accept candidate submission by unsolicited third parties through this site or any company email address. All unsolicited candidates presented to SageNet will be considered the property of SageNet. SageNet will not be responsible for any fees associated with unsolicited candidates, nor will a contractual relationship be formed by the submission. SageNet is not obligated and will not under any circumstances pay any fees to said third parties submitting candidates in this manner. SageNet only forms contracts with recruiters with whom we have an established business relationship and with whom we have in place a signed agreement. All contact with SageNet from third parties must be through our Talent Acquisition Department. Any contact made outside of the SageNet Talent Acquisition Department by a third party will cancel any future business relationships between the third party and SageNet.

Please contact Katie.Halstead@SageNet.com for any questions.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c)


Posted: 2021-11-11 Expires: 2021-12-10
Sponsored by:
ADP Logo
Sponsored by:
Bank of America Logo

Featured Jobs[ View All ]

Featured Employers

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Security Content Engineer

SageNet, LLC.
Reston, VA 20190

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast