Block Harbor Cybersecurity

Senior VSOC Architect

Block Harbor Cybersecurity, Lansing, Michigan, United States


Block Harbor Cybersecurity is based in Detroit, Michigan. Recognized as the 2024 Automotive Cybersecurity Company of the Year, we are a cyber platform and service provider dedicated to ensuring the future of mobility is safe. Our Vehicle Security Engineering Cloud (VSEC) platform enables high automation in cybersecurity management throughout the lifecycle of vehicle programs. Our expert red and blue teams work with automakers, suppliers, and auditors in all major markets to deliver technical excellence and solve challenging vehicle cybersecurity issues.

Role Description

This role is responsible for architecting and building IoT-focused SOCs and connected system monitoring environments from the ground up. The position may be filled as either a full‑time or contract role; for contract candidates, the initial engagement is 6 months with a strong possibility of extension based on project performance and future needs. A long‑term, full‑time addition to the team is preferred. This is a hands‑on technical role that blends deep engineering experience with architectural design. The engineer will design, deploy, and optimize Microsoft Sentinel and Splunk environments, engineer data pipelines, and automate SOC processes while helping to mature existing monitoring projects across multiple customers and platforms.

Responsibilities

SIEM Engineering & Architecture

Design, deploy, and maintain Microsoft Sentinel and Splunk Enterprise Security environments.

Engineer and optimize log ingestion pipelines, ensuring completeness, normalization, and performance.

Develop and manage data models, dashboards, and automation workflows to improve SOC visibility and scalability.

Integrate new log sources from IoT, network, endpoint, and cloud systems.

Maintain and enforce data governance, retention, and compliance requirements.

Automation & Integration

Build and maintain custom automations using Python, PowerShell, or Bash to reduce manual SOC processes.

Implement SOAR playbooks (e.g., Sentinel Logic Apps or Splunk SOAR) for triage and enrichment workflows.

Develop and maintain API‑based integrations between security tools, ticketing systems, and cloud services.

Automate alert enrichment, log correlation, and workflow routing using orchestration platforms.

Cloud Security Engineering

Implement and manage security controls, logging, and monitoring pipelines in AWS and Azure.

Architect and maintain integrations with Security Hub, GuardDuty, CloudTrail, Azure Defender, and Log Analytics.

Engineer cross‑cloud telemetry and ensure coverage for all critical IoT workloads.

Apply infrastructure‑as‑code principles (Terraform, CloudFormation, or Bicep) for repeatable security deployments.

SOC Platform Development & Support

Evaluate and onboard new technologies for SOC automation, detection, and analytics.

Collaborate with development and DevOps teams to embed monitoring at the infrastructure and application layers.

Implement scalability improvements, data‑quality validation, and system‑performance monitoring for SOC tooling.

Develop documentation, runbooks, and training material for analysts and engineering teams.

Conduct gap assessments and tool performance reviews to improve SOC maturity.

Define engineering standards and best practices for log onboarding, alert design, and automation lifecycle management.

Partner with architecture and compliance teams to align to industry frameworks (NIST, CIS, ISO 27001).

Contribute to technology roadmaps, tool evaluations, and R&D initiatives for SOC modernization.

Required Qualifications

Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.

3–5+ years in SOC engineering, security architecture, or SIEM platform management.

Hands‑on experience with Microsoft Sentinel (required).

Experience with Splunk Enterprise Security, AWS, Azure, and scripting in Python, PowerShell, or Bash.

Strong understanding of network protocols, identity systems, log management, and security event pipelines.

Preferred / Nice‑to‑Have

Knowledge of monitoring-related requirements in regulations such as UNR 155/156, EASA, the Machinery Regulation, CRA, NIS2, 15 CFR Part 791D, and the TSA Security Directives relevant to Rail & Aviation.

Experience with SOAR platforms (Splunk SOAR, Sentinel Playbooks, Cortex XSOAR).

Familiarity with data engineering tools (Kafka, Kinesis, Logstash, Fluentd).

Experience with cloud‑native security architecture and Zero Trust principles.

Strong background in API development, scripting pipelines, and log schema design.

Seniority Level Mid‑Senior level

Employment Type Full‑time

Job Function Design, Art/Creative, and Information Technology
