Listing Description
Content Engineer | 20306
IT Santa Clara, California
APPLY
Description
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
ServiceNow is looking to expand its Telemetry Operations with an additional Content Engineer. As a member of the Threat Intelligence team, the Content Engineer will drive security telemetry into production for Security Operations. The primary role of the content engineer is to have total oversight of all things telemetry. This ownership includes creation of new alerts/dashboards, troubleshooting complex alert query fixes, managing development workflow, tracking change control, and adherence to regulatory obligations.
Duties and Responsibilities:
Oversee the entire process for Telemetry creation and change management from beginning to end.
Collaborate with fellow cyber threat intelligence analysts and threat hunters teammates on new use cases.
Troubleshoot advanced query logic and work with various teams to derive the best solution.
Create initial alert queries and validate output with stakeholders.
Implement changes to existing alert queries for performance improvements, threshold adjustments or exclusion filters.
Triage and prioritize telemetry requests based off risk, impact and complexity.
Deploy telemetry changes into production using a formalized process, to include ServiceNow Security Operations module integration for security incident creation.
Provide telemetry item’s purpose to the documentation support analyst.
Maintain telemetry inventory for regulatory and compliance audits.
Coordinate with incident response team with telemetry needs for security investigations.
Create meaningful dashboards for detection patterns or behavior monitoring. This will sometimes require statistical analysis or advanced visualizations.
Track progress and escalate problem areas when needed.
In order to be successful in this role, we need someone who has:
3-5 years’ experience in information security. Preferably in the domains of Security Operations or Security Engineering.
2 years minimum of using Splunk Search Processing Language (SPL).
Prior experience with SIEM technology and log aggregation applications.
Project management skills in order to track multiple updates with an organized method.
Ability to understand various log types from a variety of sources such as network devices, operating systems and application specific logs.
Proficient regex pattern matching skills.
Knowledge of MITRE ATT&CK Matrix is a bonus.
Familiar with effective visualizations and dashboarding fundamentals.
Concise verbal and written communication skills.
Experience with the ServiceNow platform is a bonus.
Candidates must be able to meet all federal government security screening requirements as indicated: Federal security screening requirements call for applicant to verify U.S. Citizenship. Additional customer screening requirements may include additional items such as, but not limited to: specialized agency background checks (either national or local) and fingerprinting, as well as the ability to obtain a government personnel security clearance.
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or talent.acquisition@servicenow.com for assistance.Oversee the entire process for Telemetry creation and change management from beginning to end.
Collaborate with fellow cyber threat intelligence analysts and threat hunters teammates on new use cases.
Troubleshoot advanced query logic and work with various teams to derive the best solution.
Create initial alert queries and validate output with stakeholders.
Implement changes to existing alert queries for performance improvements, threshold adjustments or exclusion filters.
Triage and prioritize telemetry requests based off risk, impact and complexity.
Deploy telemetry changes into production using a formalized process, to include ServiceNow Security Operations module integration for security incident creation.
Provide telemetry item’s purpose to the documentation support analyst.
Maintain telemetry inventory for regulatory and compliance audits.
Coordinate with incident response team with telemetry needs for security investigations.
Create meaningful dashboards for detection patterns or behavior monitoring. This will sometimes require statistical analysis or advanced visualizations.
Track progress and escalate problem areas when needed.
Listing Details
- Citizenship: No Requirements
- Incentives: Both
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: Full Telecommute