Expoint - all jobs in one place

מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר

Limitless High-tech career opportunities - Expoint

Cybereason Threat Detection Engineer 
Japan, Tokyo 
246552329

31.08.2024

As a , you will be instrumental in the creation, testing, tuning and deployment of threat detections, evaluating their security value, analyzing and assigning the detection to the MITRE attack framework, and streamlining the delivery of security services across the entire scope of our company. You will be required to communicate complex detection capabilities to both technical teams and non-technical senior executives and customers, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.


What you will do

  • Create and research new ways to tie event telemetry together in new and valuable ways
  • Develop, debug and deploy detections
  • Continually find ways to streamline processes and re-use of code
  • Parse various types of log events into standardized formats regardless of the availability of vendor documentation
  • Find creative ways to correlate events that are otherwise indirect
  • Produce detection and process documentation
  • Collaborate with Global SOC, IR and product related teams on progress or issues
  • Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
  • Work to ingest disparate data sources to enrich existing detection set
  • Provide mentoring and collaboration with other team members

Key Performance Indicators (KPIs)

  • Sense of urgency for high priority deliverables
  • Quality and standardization of code
  • Impact of contributions to Cybereason Security Services performance in the form of improvements to:
  • Detection deployment timelines
  • Enrichment and tuning of detections, increasing quality
  • Demonstration of creativity and security value
  • Adaptability to new processes and technologies

What we are looking for

  • 4+ years of relevant experience in the cybersecurity industry, particularly in the areas of detection engineering, red/blue teaming, cyber threat groups, existing attack methods and their resulting log patterns
  • 4+ years of experience with query syntax and usage, particularly those applying to log files (Splunk, YARA-L, OPAL, SQL, etc) - simple and complex joins and aggregations
  • Foundational understanding of computer networking and modern computer architecture/operating systems
  • Familiarity with network and security control products (firewalls, auth systems, MFA, cloud) and vendor and industry standard event logging formats (syslog, CEF, etc)
  • Working knowledge MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain frameworks
  • Background and experience in at least 3 of 6 areas is required:
    ・Cyber Threat Intelligence - OSINT, Dark Web, or research
    ・Digital Forensics & Incident Response (DFIR)
    ・Detection Engineering (in support of EDR/XDR/MDR platforms)
    ・SOC operations and analysis
    ・Malware analysis & reverse engineering

Core Values:

  • Win As One: The power of an individual is less than the power of a team.
  • Ever Evolving: Change keeps us at the forefront, so we encourage it.
  • Daring: To achieve the impossible, we must dare to be different.
  • Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
  • Never Give Up: We are tenacious and resilient, and we never stop.
  • UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.