Cybersecurity Detection Content Developer

Ellington Solutions is seeking qualified candidates that will:

• Develop security monitoring dashboards and alerts using SIEM and network security tools (Hybrid/Cloud).
• Identify threats, suspicious behaviors, and potential incidents while supporting analytical investigations.
• Assess and refine custom and out-of-the-box detection content.
• Monitor on-premises and cloud service environments for SOC operations support.
• Act as the principal cybersecurity content SME.
• Collaborate with teams for threat intelligence, red team initiatives, identity management, and security architecture assessments.
• Manage detection content for identifying vulnerabilities and improving security monitoring.
• Address production and development environment issues using log analysis and non-intrusive testing.
• Apply critical thinking to interpret threat intelligence, attack vectors, and TTPs for optimal remediation strategies.
• Analyze log files from multiple sources to identify potential threats and vulnerabilities.
• Create technical documentation for content creation, rule reviews, and language-specific queries.
• Develop SOPs, detection gap analysis, and monitoring strategies.
• Maintain effective communication on task progress, obstacles, and process improvements.
• Analyze security systems and the impact of changes on monitoring content.
• Apply cybersecurity principles like confidentiality, integrity, and availability.

Requirements

The qualified candidate must have:

• TS/SCI Clearance (Required)
• Experience with security tools related to IPS/IDS, Antivirus, Firewalls, Proxies, DLP, Forensic Analysis, Malware analysis, SIEM, Cloud, and the content development lifecycle. (Required)
• Advanced skill in analyzing log events for on prem and cloud technologies to facilitate development of cyber defense detections. (Required)
• Bachelor degree in cybersecurity or related discipline
• Strong knowledge of security architectures, proxies, firewalls, and vulnerabilities.
• 7+ years in cybersecurity operations and SIEM technologies as a senior analyst or supervisor.
• Expertise in content creation, testing, and complex cybersecurity threat analysis.
• Comprehensive understanding of blue team/red team processes for custom content development.
• Exceptional verbal and written communication for presenting complex findings clearly.
• Advanced research, analytical, and problem-solving skills.
• Experience with Splunk Power User, CySA+, CASP+, CISSP or other related Information Security Certifications.
• Advanced in detection content development using SPL, SNORT, YARA, and KQL.
• Advanced knowledge of IT security standards and frameworks (e.g., MITRE ATT&CK )