CTC005807 - Detection Engineer

Industry sector: Telecommunications
Employment type: Contract
Duration:
Work mode: On Site

Description

IMPORTANT

English only OK

Top 3 skills

  • 3+ years of technical experience with one or more SIEM and UEBA platforms (e.g. Splunk, Elastic, ArcSight, QRadar, LogRhythm)
  • Knowledge of at least one scripting language (Python, Perl, Ruby, etc.) as well as regular expressions.
  • Understanding of various security frameworks and/or methodologies (e.g. MITRE ATT&CK, Cyber Kill Chain, Diamond Model, NIST)
  • Experience with the following technologies is highly desirable: Splunk, Apache NiFi, Apache Kafka, Tableau, Cloudera, Elastic Stack (Logstash, Elasticsearch, Kibana)

    As a Detection Engineer within the Content Team, the candidate is expected to use their technical expertise to create detection logic that identifies prioritized threats from logs and security telemetry. You will work collaboratively to implement detections that observe system activity and recognize malicious behavior across multiple SIEM platforms. You would help develop creative and resourceful ways to identify coverage gaps and detect threats using core OS telemetry such as file system, memory, process, and network events. You would collaborate with multiple teams and are expected to make significant contributions to the design and implementation of major development projects.

    What You Would Do:

  • Build mechanisms that combine multiple detection signals to create higher fidelity threat detections.
  • Develop and/or engineer security detections as code.
  • Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.
  • Develop and maintain parsers for log connectors to ensure logs are properly organized and normalized into a common schema.
  • Build automation that shortens identification and response time and reduces the impact of incidents.
  • Work cross-functionally to perform proactive Threat Hunting and Purple Teaming.
  • Participate in various meetings such as daily stand-ups, project reports and status calls.

    Required Skillsets:
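The two duties above that are most often misunderstood are "detections as code" and "combining multiple detection signals". The following is an added example written for this page (it is not the employer's content or tooling) showing both in a form that can live in a Git repository and run in CI: raw lines in two formats are normalized into one flat schema, each rule is a pure function over a normalized event, and a correlation step promotes co-occurring weak signals from the same process into one high-severity alert tagged with MITRE ATT&CK technique IDs. Assumptions: the log lines are constructed here, the Sysmon-style key=value and Zeek-conn-style tab-separated layouts are simplifications of those products' real output, and the ECS-like field names, port list and 60-second window are illustrative choices.

```python
"""Detection-as-code sketch: normalize two raw log formats into one schema, then
correlate weak signals into a higher-fidelity alert. All log lines below are
constructed for this example; field names are an ECS-like assumption."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: Sysmon-style process creation (key=value) and a
# Zeek-conn-style network record (tab-separated: host, pid, src, dst, dport, proto).
RAW_EVENTS = [
    "2024-05-01T10:00:01Z sysmon EventID=1 Host=WS01 ProcessId=4120 "
    "Image=C:\\Program Files\\Microsoft Office\\WINWORD.EXE ParentImage=C:\\Windows\\explorer.exe",
    "2024-05-01T10:00:05Z sysmon EventID=1 Host=WS01 ProcessId=4188 "
    "Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Program Files\\Microsoft Office\\WINWORD.EXE "
    "CommandLine=cmd.exe /c powershell -enc SQBFAFgA",
    "2024-05-01T10:00:09Z zeek\tWS01\t4188\t10.0.0.5\t203.0.113.7\t4444\ttcp",
    "2024-05-01T10:30:00Z sysmon EventID=1 Host=WS02 ProcessId=900 "
    "Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Windows\\explorer.exe CommandLine=cmd.exe /c dir",
    "2024-05-01T10:30:02Z zeek\tWS02\t900\t10.0.0.6\t10.0.0.1\t445\ttcp",
]

KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")  # values may contain spaces ("Program Files")
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
COMMON_PORTS = {22, 25, 53, 80, 443, 445, 587, 993, 3389}  # illustrative allow-list
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = timedelta(seconds=60)  # max spread between correlated signals from one process

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def is_internal(ip):  # RFC 1918 only; adjust to the real address plan
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def normalize(line):
    """Parse one raw line into a flat dict; None for event types not handled here."""
    ts, source, rest = re.split(r"\s", line, maxsplit=2)
    ev = {"@timestamp": datetime.fromisoformat(ts.replace("Z", "+00:00")), "source": source}
    if source == "sysmon":
        kv = dict(KV_RE.findall(rest))
        if kv.get("EventID") != "1":
            return None
        ev.update({"host": kv["Host"], "event.category": "process",
                   "process.pid": int(kv["ProcessId"]),
                   "process.name": basename(kv["Image"]),
                   "process.parent.name": basename(kv["ParentImage"]),
                   "process.command_line": kv.get("CommandLine", "")})
    elif source == "zeek":
        host, pid, src, dst, dport, proto = rest.split("\t")
        ev.update({"host": host, "event.category": "network", "process.pid": int(pid),
                   "source.ip": src, "destination.ip": dst,
                   "destination.port": int(dport), "network.transport": proto})
    else:
        return None
    return ev

# Each rule is a pure function: normalized event -> (signal_name, ATT&CK technique) or None.
def office_spawns_shell(ev):
    if (ev["event.category"] == "process" and ev["process.parent.name"] in OFFICE_APPS
            and ev["process.name"] in SHELLS):
        return ("office_spawns_shell", "T1204.002")

def encoded_powershell(ev):
    if (ev["event.category"] == "process"
            and re.search(r"powershell.*\s-(enc|encodedcommand|e)\b", ev["process.command_line"], re.I)):
        return ("encoded_powershell", "T1059.001")

def outbound_uncommon_port(ev):
    if (ev["event.category"] == "network" and not is_internal(ev["destination.ip"])
            and ev["destination.port"] not in COMMON_PORTS):
        return ("outbound_uncommon_port", "T1571")

RULES = [office_spawns_shell, encoded_powershell, outbound_uncommon_port]

def collect_signals(events):
    """Run every rule over every event; bucket hits by (host, pid)."""
    signals = defaultdict(list)
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                signals[(ev["host"], ev["process.pid"])].append((ev["@timestamp"], *hit))
    return signals

def correlate(signals):
    """Alert only when a suspicious spawn and an outbound connection come from the same
    process within WINDOW; lone signals stay low-fidelity hunting leads, not alerts."""
    alerts = []
    for (host, pid), hits in signals.items():
        hits.sort()
        names = {name for _, name, _ in hits}
        if ({"office_spawns_shell", "outbound_uncommon_port"} <= names
                and hits[-1][0] - hits[0][0] <= WINDOW):
            alerts.append({"host": host, "pid": pid, "severity": "high",
                           "first_seen": hits[0][0].isoformat(), "signals": sorted(names),
                           "techniques": sorted({tech for _, _, tech in hits})})
    return alerts

def run_detection(lines):
    events = [ev for ev in map(normalize, lines) if ev]
    return correlate(collect_signals(events))

if __name__ == "__main__":
    for alert in run_detection(RAW_EVENTS):
        print(alert)
```

Run as-is, only the WS01 process (pid 4188) produces an alert: the Word-to-cmd spawn, the encoded PowerShell command line and the connection to 203.0.113.7:4444 all occur within four seconds, whereas the WS02 cmd.exe launched from Explorer that talks to an internal SMB share yields no signal at all. Because every rule and the correlation logic are plain functions, the sample events double as regression fixtures, which is what makes the approach "detections as code" rather than a query pasted into a console.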

  • 3+ years of technical experience with one or more SIEM and UEBA platforms (e.g. Splunk, Elastic, ArcSight, QRadar, LogRhythm)
  • Knowledge of at least one scripting language (Python, Perl, Ruby, etc.) as well as regular expressions.
  • Understanding of various security frameworks and/or methodologies (e.g. MITRE ATT&CK, Cyber Kill Chain, Diamond Model, NIST)
  • Experience with the following technologies is highly desirable: Splunk, Apache NiFi, Apache Kafka, Tableau, Cloudera, Elastic Stack (Logstash, Elasticsearch, Kibana)
  • Host level detection with tools such as Auditbeat, Osquery, EDR or Sysmon
  • Working knowledge of Git, JIRA, Jenkins, Docker, Kafka and other Agile CI/CD tooling, as well as Kanban boards.
  • Ability to work independently with minimal direction; self-starter/self-motivated.
  • A valid certification or accreditation such as SANS or CISSP is NOT mandatory. Showing how the candidate's experience equips them to perform the functions of the role is mandatory.
