<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">


Threat Content Developer

🏢 Scottsdale, Arizona | Status: OPEN

All Careers

Threat Content Developer

Job Description:

Datashield, ADT Cybersecurity is looking for motivated individuals to fill threat content developer positions. Candidates should have ample exposure to network security principles, threat detection practices, rule writing (NetWitness/Esper/Suricata preferred), along with first-hand experience working in a security operations center or security engineering environment.   Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a rapidly-paced workplace.


  • SIEM, Packet and Endpoint parsers, rules, signatures, suppressions, metrics and dashboards content development
  • Creation of security & compliance reports for logs, packets and endpoints
  • Owning and managing content release schedules
  • Manage weekly customer cyber bulletin
  • Interface between R&D and Security Operations Center in regards to intel and content
  • Continually research and analyze malware, security threats and vulnerabilities
  • Support and manage threat intelligence information ingestion into security tools
  • Provide actionable intelligence and apply to packet, log and endpoint solutions

Desired Background / Skillset:

Required technical skills:

Strong understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall).  First-hand security operations center (SOC) experience performing analyst/security engineer duties.  Deep understanding of how malicious traffic appears over the network.  Rule and/or query writing experience in at least one SEIM, IDS/IPS – RSA NetWitness, Esper, or Suricata highly preferred, but not mandatory.  Must have strong threat detection knowledge and intuition.  Should understand content testing, implementation, and revision cycle.  Must understand how to gather threat intelligence and identify IoCs for use in detection mechanisms at both the host and network level.  Candidates should also have exposure to a wide variety of network and host logging formats (syslog, Winevent, PaloAlto, antivirus).

Recommended certifications: GIAC 400/500-level certifications (or industry equivalent).

Required experience (Minimum): 2-3 years of direct involvement with security operations, security engineering, threat analysis, incident response, and threat detection.

Desired Education Level:

Bachelor's Degree or Equivalent Experience

Apply Today