Overview As a Threat Detection Engineer you will be instrumental in the creation, testing, tuning and deployment of threat detections, evaluating their security value, analysing and assigning the detection to the MITRE attack framework, and streamlining the delivery of security services across the entire scope of our company. You will be required to communicate complex detection capabilities to both technical teams and non-technical senior executives and customers, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.
Responsibilities
- Create and research new ways to tie event telemetry together in new and valuable ways
- Develop, debug and deploy detections
- Continually find ways to streamline processes and re-use of code
- Parse various types of log events into standardized formats regardless of the availability of vendor documentation
- Find creative ways to correlate events that are otherwise indirect
- Produce detection and process documentation
- Collaborate with Global SOC, IR and product related teams on progress or issues
- Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
- Work to ingest disparate data sources to enrich existing detection set
- Provide mentoring and collaboration with other team members
Key Performance Indicators (KPIs)
- Sense of urgency for high priority deliverables
- Quality and standardization of code
- Impact of contributions to Cybereason Security Services performance in the form of improvements to:
- Detection deployment timelines
- Enrichment and tuning of detections, increasing quality
- Demonstration of creativity and security value
- Adaptability to new processes and technologies
Qualifications
- 4+ years+ of relevant experience in the cybersecurity industry, particularly in the areas of detection engineering, red/blue teaming, cyber threat groups, existing attack methods and their resulting log patterns
- 4+ years+ of experience with query syntax and usage, particularly those applying to log files (Splunk, YARA-L, OPAL, SQL, etc) - simple and complex joins and aggregations
- Foundational understanding of computer networking and modern computer architecture/operating systems
- Familiarity with network and security control products (firewalls, auth systems, MFA, cloud) and vendor and industry standard event logging formats (syslog, CEF, etc)
- Working knowledge MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain frameworks
- Background and experience in at least 3 of 6 areas is required:
- Cyber Threat Intelligence - OSINT, Dark Web, or research
- Digital Forensics & Incident Response (DFIR)
- Detection Engineering (in support of EDR/XDR/MDR platforms)
- SOC operations and analysis
- Malware analysis & reverse engineering
- Penetration Testing and/or Red Team
- Demonstrable problem-solving and analytical thinking capabilities
- Attention to detail
- Ability to manage competing priorities and work efficiently under pressure
- Experience with a query language
- Preference for candidates with Terraform experience
- Preference for candidates with Observe OPAL experience
- Preference for candidates with experience interfacing with external customers
- Motivated to constantly improve processes and methodologies
- Self-starting and capable of leading and completing assignments without supervision
- Excellent interpersonal, verbal & written communication skills
- Ability to work both independently as well as on a team. Comfortable working in remote work environments with a globally distributed team in multiple countries
- Ability to mentor others; proactively collaborates and shares knowledge