Security Alert System Developer

Threats like ransomware are designed to evade modern security tools, and just one miss can have a catastrophic impact on your organization.

Halcyon

Employee count: 51-200

What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.

Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now BlackBerry), Accuvant (now Optiv), FireEye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.

As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work out a plan to meet your needs.

About the Project

We're developing a sophisticated security alert management system for enterprise environments. The system integrates with the Halcyon security platform to process, analyze, and facilitate the triage of security alerts. Our solution helps security teams efficiently categorize threats, distinguish between true and false positives, and maintain appropriate response protocols.

Role Overview

We're seeking an experienced Python developer with a strong background in security operations to join our team. This role involves enhancing and maintaining a critical security alert processing and triage system that security analysts rely on daily to identify and respond to potential threats.

Key Responsibilities

  • Develop, maintain, and enhance Python-based security alert processing systems

  • Implement integrations with security APIs including VirusTotal and Halcyon's security platform

  • Design and improve Slack-based user interfaces for security alert triage

  • Create and maintain secure database operations for alert storage and tracking

  • Implement automated threat classification and scoring mechanisms

  • Optimize alert processing workflows to reduce analyst fatigue and improve response times

  • Collaborate with security operations teams to ensure system effectiveness

Required Skills & Experience

  • 7+ years of Python development experience, particularly with API integrations

  • Experience with security platforms and security alert management

  • Familiarity with threat intelligence concepts and security operations workflows

  • Knowledge of database systems (particularly SQLite) and SQL query optimization

  • Understanding of RESTful API design and consumption

  • Experience with asynchronous programming and multi-threading in Python

  • Ability to work with JSON data structures and API responses

Preferred Qualifications

  • Experience with Slack API integrations and interactive message components

  • Knowledge of security tooling (VirusTotal, YARA rules, etc.)

  • Understanding of malware analysis and classifications

  • Familiarity with container technologies (Docker, Kubernetes)

  • Experience with cloud security concepts and platforms

  • Security certifications (CISSP, OSCP, Security+, etc.)

  • Experience with Flask or other lightweight web frameworks

Technical Environment

You'll be working with:

  • Python 3.x

  • SQLite for database operations

  • RESTful APIs (Halcyon, VirusTotal, etc.)

  • Slack API for interactive alerts

  • JSON data processing

  • GitHub for version control

  • YARA rules for threat detection

  • Flask for web service components

Project Specifics

This system handles the following key functions:

  • Processing incoming security alerts from various sources

  • Enriching alerts with threat intelligence data

  • Presenting critical alert information to security analysts

  • Facilitating informed decision-making on alert triage (true positive/false positive)

  • Maintaining records of alert dispositions and analyst notes

  • Automating routine alert handling based on established patterns

  • Generating reports on alert trends and analyst activities

Collaboration Environment

You'll work closely with security operations teams to understand their workflows and challenges. The ideal candidate should have strong communication skills and the ability to translate security analyst needs into effective technical solutions.

In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.

We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.

About the job

Job type

Full Time

Experience level

Mid-level

Location requirements

Open to candidates from all countries.

Hiring timezones

Worldwide

About Halcyon

Threats like ransomware are designed to evade modern security tools, and just one miss can have a catastrophic impact on your organization. Halcyon is the first Anti-Ransomware and Cyber Resilience Platform with automated encryption key capture and autonomous decryption capabilities to keep your operations running 24/7/365.

Most security vendors are quick to update their solutions once a threat is seen in the real world. But what if you are one of the first victims? Without a dedicated anti-ransomware engine, the protection gap can range from 24 hours to several days or even weeks. Traditional rules-based EDR and other endpoint protection products rely on convolutional neural network AI models for detection that are generally too complex to quickly train on emerging threats. In contrast, Halcyon leverages Capsule Networks (CapsNets) AI micro-models that allow us to rapidly train, test and deploy new protection mechanisms to address novel and emerging threats exponentially faster than traditional endpoint tools.

After gaining initial access to a system, attackers will routinely target security tools active on an endpoint. Bypassing and unhooking these products has a lower resource cost than attempting to sneak malicious binaries or scripts past automated detection tools. With countless real-world bypasses published, it is clear that security products also need to be hardened against attacks. The Halcyon agent specifically prevents leading endpoint tools from being disabled, bypassed or unhooked.

Ransomware events can seriously disrupt business operations, which is why our resilience engine was designed to recover infected systems as quickly as possible. Once a ransomware incident occurs, the remediation clock starts ticking. While Halcyon delivers the most advanced detection and prevention capabilities in the market, we also provide the only automated resilience layer to assure a ransomware attack never slips by your defenses. Halcyon is enabled with automated encryption key capture and autonomous decryption capabilities that immediately decrypt any infected devices.

Employee benefits

Equity benefits

We offer competitive compensation packages with equity.

Life insurance

Halcyon offers life insurance as part of its benefits package.

Paid parental leave

Halcyon offers paid time off to care for and bond with a new child.

Short & long term disability insurance

Halcyon provides short and long-term disability insurance for its employees.

Halcyon

Company size

51-200 employees

Founded in

2021

Chief executive officer

Jon Miller

Halcyon hiring Security Alert System Developer • Remote (Work from Home) | Himalayas