Blue Team / Security Threat Detection Engineer
Atlanta
Job Description: Security Threat Detection Engineer Consultant. This is a remote position.
Responsibilities:
· Ideate, design, develop, test, monitor, and tune high-quality detections so that security analysts are able to respond to security threats
· Write complete and well-documented alerting and detection strategies so that security analysts and incident responders have the context and runbooks they need to respond to detections
· Build, maintain, and improve custom detection and alerting solutions, or work with existing commercial tools to ensure they are tuned properly to meet detection coverage needs
· Act as a subject matter expert for security-relevant logs and data to assist Incident Response team during high-priority investigations
· Collaborate with Threat Intelligence team to ensure detections have a meaningful impact on improving security posture
Required Skills:
· 5-7 years of hands-on experience with full-lifecycle detection engineering in support of a security operations team
· Experience as a Security Operations Analyst or Incident Responder
· Comfortable operating in Splunk or other common SIEM and SOAR solutions
· Technical depth in one or more of the following specialties: application security, cloud security, digital forensics, malware analysis, threat hunting, incident response, or some combination thereof
· Familiarity with SQL, relational databases, and data warehousing
· Basic Python (or other scripting language) experience in order to automate tasks within case management and CI/CD environments
· Experience with defining, collecting, and analyzing metrics that demonstrate the purpose and success of a maturing Detection Engineering program (e.g. MITRE ATT&CK coverage)
· Demonstrated knowledge of threat actor techniques, vulnerabilities, and exploits, and how they present themselves in logs and in endpoint and network artifacts
· Excellent communication and collaboration skills
· Ability to work with a high degree of autonomy
· Excellent analytical skills
· Collaborative team worker, both in person and virtually using WebEx or similar tools
· Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel, and PowerPoint
· Ability to work as liaison between business and information security / information technology
· Flexibility to accommodate working across different time zones
· Excellent interpersonal communication skills with strong spoken and written English
· Business outcomes mindset
· Solid balance of strategic thinking with detail orientation
· Self-starter, ability to take initiative
· Project management and organizational skills with attention to detail
Preferred Skills:
· Relevant industry certifications
· Experience working with and creating detections as Sigma rules
· Formal software engineering, DevOps, or data science experience from prior jobs, trainings, or academia
· Hands-on experience building tools and solutions within a public cloud environment, preferably AWS
· Splunk engineering/administration experience
· Experience with PCI-DSS, FedRAMP, and other compliance frameworks and their associated logging and detection requirements
Required Education:
· Bachelor's degree (BA/BS) from a four-year college or university, or equivalent training, education, and work experience
· Cybersecurity certifications such as CISSP, CISM, etc.