As a part of the Detection Engineering team, you will:
Enable streamlined and effective customer collaboration by integrating scalable Detection as Code (DaC) techniques seamlessly into our service offerings
Focus on lifecycle management of threat detection content
Design and engineer cyber security use cases to detect attacker behaviors
Automate recurring execution of use cases across a diverse enterprise landscape
Support a threat intelligence driven approach to identifying the most relevant risks
Partner with offensive capabilities to continuously validate detection content
Partner with Lines of Business to enable a central Detection service
Adopt a modern shift-left mentality to find threats in real time
Own key objectives and work with our partners across the company
What you bring
2+ years of related professional experience
Knowledge of detection methods and frameworks (e.g. ATT&CK, Sigma)
Knowledge of container and orchestration technologies (e.g. Kubernetes, Docker, Helm, Gardener, etc.)
Experience in SIEM and EDR technologies (e.g., ELK, Splunk, Sumo Logic, CrowdStrike, TrendMicro, SentinelOne, Windows Defender)
Demonstrated ability to create effective detections at scale
Experience with at least one major cloud platform (e.g. AWS, GCP, Azure)
Familiarity with modern programming languages and data analysis techniques
Experience creating and tuning threat detection rules
Familiarity with detection and prevention technology usage and configuration (EDR, WAF, IPS, etc.)
Able to work in a global environment across multiple time zones
Experience with a 24/7 or on-call security operational environment (e.g. SOC, JSOC, Fusion Center, Incident Response, NOC, Threat Intelligence)
Beneficial qualifications:
Experience with Agile (SAFe Agile), Scrum, Program Increment (PI) Planning
SANS or similar Cyber Security certifications
Experience in a development or DevOps role
Experience with configuration management tools like Terraform, Puppet, Chef