Lead Content Engineer | Remote
Sorry, this job was removed at 11:02 a.m. (EST) on Thursday, November 24, 2022

Devo is the only cloud-native logging and security analytics platform that releases the full potential of your data to empower bold, confident action. With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, Devo is your ally in protecting your organization today and tomorrow. Headquartered in Cambridge, Mass., Devo is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at www.devo.com

Devo is proud to be recognized as a Great Place to Work®.

Devo is investing in bright, agile, and diverse talent to contribute to our mission of unleashing the Power of Security Analysts, increasing SOC effectiveness, finding & stopping sophisticated threats.
As a Lead Content Engineer you’ll play a key role supporting our SaaS product by improving our ability to detect, analyze, and respond to the organization’s cyber threats. You have experience developing detections aligned with the MITRE ATT&CK framework and understand complete framework coverage is not realistic. Therefore, we need your expertise to help ensure our SOC is focusing on detecting attacks with the highest risk to us.
Additionally, you will strive to improve detection fidelity and decrease false positives, enabling the SOC to effectively analyze and respond when alerted.
How you will make an impact:

  • Create detection use cases in SOC tooling to alert SOC analysts to relevant threats.
  • Tune SIEM correlation searches and other security tooling to improve fidelity and minimize false positives.
  • Build dashboards, playbooks, and other content to optimize the team’s ability to investigate and respond to alerts.
  • Manage the content development and threat detection efforts of our MSSP.
  • Partner with our SIEM administration team to identify and remediate issues that affect SOC operations.
  • Support security specific functions of our SIEM such as configuration of Technology Add-ons, Enterprise Security dashboards and features, and ensuring CIM compliance of key log sources.
  • Manage SOC logging requirements by working with our business areas and our SIEM administration team to ensure relevant logs are available in our SIEM to drive SOC detection and analysis needs.
  • Influence and support initiatives and new capabilities that will improve our SOC maturity. Some examples might include Risk-Based Alerting, Adversary Simulation, or Attack Ranges.
  • Serve as an escalation point for other Security Operations team members.
  • Provide backup support for other Enterprise Information Security Office functions as needed.

Qualifications:

  • Experience building content (searches, dashboards, alerting) within an enterprise SIEM.
  • Knowledge and familiarity with current industry best practices (information security policies, procedures, and regulations) and tools (event management and automation) to perform cyber defense activities within the context of an Enterprise SOC.
  • Knowledge of adversarial tactics, techniques, and procedures (TTPs) and ability to share meaningful insights within the context of an organization’s threat environment.
  • Relevant professional certifications such as Security+, C|EH, GCIH, GCDA, GMON, CISSP and/or equivalent professional experience, education, or skills.

What will make you stand out:

  • The ability to effectively prioritize content development based on risk. Just because everyone is talking about some new threat tactic doesn’t mean it’s the biggest threat.
  • Experience working with Security Orchestration tools such as Palo Alto XSOAR.
  • An agile mindset to move quickly and make iterative improvements from lessons learned.


Background Experiences:

  • 2+ years of experience working in a SOC.
  • 5+ years of experience in Information Security.
  • Content development experience with Splunk Enterprise Security, Securonix, Exabeam, LogRhythm, or similar.

Why work at Devo?

 

  • You’ll join a Great Place to Work® certified company where we value our people and provide the tremendous opportunities that come with a hyper-growth organization. 
  • Be part of an international company with a strong team culture that celebrates success. Share our core values: Be bold - Be Inventive - Be humble - Be an ally.
  • A flexible work environment that lets you work in the way that works best for you — in office, fully remote, or hybrid.
  • Work in an environment that will challenge you and enable you to grow as a professional. Our professional development programs include:
    • Company-paid job-related technical certifications, plus you can earn a bonus for achieving certain certifications.
    • Personal development plans based on career paths and free access to an extensive variety of online learning courses. 
    • Spanish/English lessons.
    • Company-funded learning opportunities for professional development (e.g., conferences, classes, certifications).
    • Full support for internal job movements as part of career development.

 

Comprehensive benefits, including:

  • Flexible health benefits including medical, dental and vision coverage.
  • 401(k) program with company match.
  • Employee Stock Option plan.
  • 14 weeks of fully paid parental leave for the birth or adoption of new children. 
  • A monthly stipend to help set up your home office.
  • Rewards & Recognition program.
  • Employee referral program — get a bonus for helping friends get jobs at Devo!
  • Office centrally located in Kendall Square, Cambridge, featuring a well-stocked kitchen with free coffee, cookies, and fruit every day, lunch on Wednesdays, and an in-office gym!
  • Matching donations program — it is important to give back to our community. Devo matches employee donations to many charitable organizations that further our values and those of our employees.
  • Gender and diversity initiatives to increase visibility, inclusion and belonging. 

Location

255 Main St Suite #702, Cambridge, MA 02142
