Call for Incident Response


We Are Hiring

We’re looking for qualified candidates to be a part of our team. View the listing below for role, job description, desired background / skillset and additional information.


Threat Content Developer


Security Operations


Scottsdale, Arizona (SOC)

Dave Norlin
Job Description:

DATASHIELD, ADT Cybersecurity is looking for motivated individuals to fill threat content developer positions.  Candidates should have ample exposure to network security principles, threat detection practices, rule writing (NetWitness/Esper/Suricata preferred), along with first-hand experience working in a security operations center or security engineering environment.   Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a rapidly-paced workplace.

What You Will Be Doing:
  • SIEM, Packet and Endpoint parsers, rules, signatures, suppressions, metrics and dashboards content development
  • Creation of security & compliance reports for logs, packets and endpoints
  • Owning and managing content release schedules
  • Manage weekly customer cyber bulletin
  • Interface between R&D and Security Operations Center in regards to intel and content
  • Continually research and analyze malware, security threats and vulnerabilities
  • Support and manage threat intelligence information ingestion into security tools
  • Provide actionable intelligence and apply to packet, log and endpoint solutions
Desired Background / Skillset:

Required technical skills:

Strong understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall).  First-hand security operations center (SOC) experience performing analyst/security engineer duties.  Deep understanding of how malicious traffic appears over the network.  Rule and/or query writing experience in at least one SEIM, IDS/IPS – RSA NetWitness, Esper, or Suricata highly preferred, but not mandatory.  Must have strong threat detection knowledge and intuition.  Should understand content testing, implementation, and revision cycle.  Must understand how to gather threat intelligence and identify IoCs for use in detection mechanisms at both the host and network level.  Candidates should also have exposure to a wide variety of network and host logging formats (syslog, Winevent, PaloAlto, antivirus).

Recommended certifications: GIAC 400/500-level certifications (or industry equivalent).

Required experience (Minimum): 2-3 years of direct involvement with security operations, security engineering, threat analysis, incident response, and threat detection.

Desired Education Level:

Bachelor's Degree or Equivalent Experience

We are an Equal Opportunity Employer

DATASHIELD is an equal opportunity employer committed to diversity in the workplace.




DATASHIELD is growing. We want you to grow with us. New openings can fast track your career.

Great Location

There’s a reason they call it the Valley of the Sun. Ditch the puffy coat. You won’t need it.


With DATASHIELD's competitive salaries and benefit packages, you’ll be paid what you’re worth.