Security Alert System Developer

About the Project

We're developing a sophisticated security alert management system for enterprise environments. The system integrates with the Halcyon security platform to process, analyze, and facilitate the triage of security alerts. Our solution helps security teams efficiently categorize threats, distinguish between true and false positives, and maintain appropriate response protocols.

Role Overview

We're seeking an experienced Python developer with a strong background in security operations to join our team. This role involves enhancing and maintaining a critical security alert processing and triage system that security analysts rely on daily to identify and respond to potential threats.

Key Responsibilities

• Develop, maintain, and enhance Python-based security alert processing systems

• Implement integrations with security APIs including VirusTotal and Halcyon's security platform

• Design and improve user interfaces for security alert triage via Slack interfaces

• Create and maintain secure database operations for alert storage and tracking

• Implement automated threat classification and scoring mechanisms

• Optimize alert processing workflows to reduce analyst fatigue and improve response times

• Collaborate with security operations teams to ensure system effectiveness

Required Skills & Experience

• 7+ years of Python development experience, particularly with API integrations

• Experience with security platforms and security alert management

• Familiarity with threat intelligence concepts and security operations workflows

• Knowledge of database systems (particularly SQLite) and SQL query optimization

• Understanding of RESTful API design and consumption

• Experience with asynchronous programming and multi-threading in Python

• Ability to work with JSON data structures and API responses

Preferred Qualifications

• Experience with Slack API integrations and interactive message components

• Knowledge of security tooling (VirusTotal, YARA rules, etc.)

• Understanding of malware analysis and classifications

• Familiarity with container technologies (Docker, Kubernetes)

• Experience with cloud security concepts and platforms

• Security certifications (CISSP, OSCP, Security+, etc.)

• Experience with Flask or other lightweight web frameworks

Technical Environment

You'll be working with:

• Python 3.x

• SQLite for database operations

• RESTful APIs (Halcyon, VirusTotal, etc.)

• Slack API for interactive alerts

• JSON data processing

• GitHub for version control

• YARA rules for threat detection

• Flask for web service components

Project Specifics

This system handles the following key functions:

• Processing incoming security alerts from various sources

• Enriching alerts with threat intelligence data

• Presenting critical alert information to security analysts

• Facilitating informed decision-making on alert triage (true positive/false positive)

• Maintaining records of alert dispositions and analyst notes

• Automating routine alert handling based on established patterns

• Generating reports on alert trends and analyst activities

Collaboration EnvironmentYou'll work closely with security operations teams to understand their workflows and challenges. The ideal candidate should have strong communication skills and the ability to translate security analyst needs into effective technical solutions.