Information Security Engineer 4

  • Charlotte, North Carolina
  • Full Time
Outstanding long-term contract opportunity! A well-known Financial Services Company is looking for an Information Security Engineer in Charlotte, NC (Hybrid).

Work with the brightest minds at one of the largest financial institutions in the world. This is a long-term contract opportunity that includes a competitive benefit package! Our client has been around for over 150 years and is continuously innovating in today's digital age. If you want to work for a company that is not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.

Contract Duration: 18 Months

Required Skills & Experience
  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
  • 5+ years in threat detection engineering, security operations, or incident response, with at least 3 years focused on writing and tuning detections.
  • Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommission).
  • Proven experience working in large or complex environments (multi-tenant, multi-cloud, or global enterprises).
  • Strong experience writing and tuning detections in:
    ◦ **SIEM**: Splunk (SPL proficiency required; advanced search, macros, data models, scheduled searches, alerting).
    ◦ **EDR/XDR**: CrowdStrike (Falcon platform; custom IOA rules, detection tuning, exclusion logic).
    ◦ **Microsoft Security**:
      ▪ Microsoft Defender for Endpoint / Defender for Cloud Apps.
      ▪ Kusto Query Language (KQL) for Microsoft Sentinel and M365 Defender.
    ◦ **Cloud Platforms**:
      ▪ Azure (Log Analytics, activity logs, Azure AD, Defender for Cloud).
      ▪ GCP (Cloud Logging, Security Command Center, IAM, network telemetry).
  • Ability to translate attacker techniques (TTPs) into detection logic across multiple platforms.
  • Deep understanding of:
    ◦ MITRE ATT&CK (enterprise matrix; TTP coverage, mapping detections to ATT&CK).
    ◦ Common adversary tradecraft: phishing, ransomware, lateral movement, privilege escalation, exfiltration, cloud account compromise, identity misuse.
  • Ability to perform detection gap analysis based on recent threats (e.g., ransomware families, cloud-native attacks, identity-based attacks).
  • Familiarity with threat intel sources and how to operationalize them into detection content.
  • Demonstrated experience:
    ◦ Measuring and improving detection fidelity (precision/recall, false positive/negative analysis).
    ◦ Designing and executing test plans for detections (simulations, red team findings, adversary emulation tools).
    ◦ Using test frameworks (e.g., Atomic Red Team, Caldera, commercial breach & attack simulation) to validate detection coverage.
  • Experience building and maintaining:
    ◦ Top talker detection dashboards and metrics.
    ◦ Feedback loops with SOC analysts to continuously refine detection logic.
    ◦ Runbooks or playbooks tied to specific detections.
  • Data Engineering & Telemetry Understanding
    ◦ Strong grasp of logging and telemetry:
      ▪ Windows event logs, Sysmon, Linux logs.
      ▪ Network telemetry (NetFlow, firewall logs, proxy/DNS).
      ▪ Identity and access logs (Azure AD, Okta, on-prem AD).
      ▪ Cloud-native logs (Azure, GCP, AWS if applicable).
    ◦ Assess log quality and coverage (what's being collected, from where, and how often).
    ◦ Specify data requirements for new or improved detections.
    ◦ Work with platform or infrastructure teams to onboard or normalize new log sources.
  • Engineering & Automation Mindset
    ◦ Proficiency in one or more scripting/programming languages (Python, PowerShell, or similar) for:
      ▪ Detection content automation (mass updates, testing, reporting).
      ▪ Building small tools to support detection analysis or enrichment.
    ◦ Experience with version control and SDLC-like processes for detection content:
      ▪ Git (branching, pull requests, code review).
      ▪ Change management, testing, and staged rollout of new rules.

Desired Skills & Experience
  • Familiarity with infrastructure-as-code / configuration-as-code for security tooling.

What You Will Be Doing
  • Consult on complex initiatives with broad impact and large-scale planning for Information Security Engineering.
  • Review and analyze complex multi-faceted, larger scale or longer-term Information Security Engineering challenges that require in-depth evaluation of multiple factors including intangibles or unprecedented factors.
  • Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables.
  • Strategically collaborate and consult with client personnel.

Job ID: 522815501
Originally Posted on: 5/29/2026