Looking for a Threat Detection Engineer to work as a member of the Cyber Operations Team. The primary focus of this role is to operate and maintain robust analytics/detection infrastructure that supports the team's threat monitoring capabilities and triage efforts across a suite of security monitoring tools. The candidate will be a subject matter expert on the design, implementation, deployment and maintenance of scalable security monitoring systems and processes, with an emphasis on achieving a high signal-to-noise ratio for alerts.
- The successful candidate will possess deep tactical knowledge and will work as part of a team enhancing detection capabilities on the current platform.
- The primary function of the role will be to find new methods to find malicious anomalies in the environment from data collected by our solutions.
- The output of this may be in the form of rules, analytics, and/or product enhancements.
- The ideal candidate will be an articulate, passionate, and experienced incident responder who loves to both learn and to pass that learning on to others.
- We are looking for you to have 5+ years in the information security incident detection/response field, including:
  - Design and engineering of large, performant and distributed cybersecurity systems
  - Aggregation, normalization and enrichment of various event feeds and sensor data
  - Development and testing of new heuristic/correlation detection rules
  - Development of new search filters and dashboards
  - Event detection and response tuning
  - Data warehouse tuning and optimization
  - Integration of diverse cyber threat intelligence sources
- In addition, the candidate should possess a strong intuition for curating and integrating useful 'observables' from network/host sensors for the development of detection rules and incident analysis.
- The candidate will be expected to balance economy with completeness when integrating data sources into the SIEM.
- The ability to articulate the utility of a data source for incident analysis and response of any given threat scenario is highly valued.
- Although not the primary responsibility, the candidate is expected to have prior experience with security incident analysis, investigation and remediation on a tier 2 level or higher.
- Bachelor's degree in Computer Science from a recognized and approved program. An advanced degree is preferred.
- Strong experience in Cyber security, including at least 5+ years in incident response, cybersecurity engineering, and threat intelligence analysis.
- Holds one of the following certifications: Certified Integrator/Administrator (various SIEMs), Certified Ethical Hacker (CEH) or CCNA.
- Understands common protocols such as DHCP, LDAP, SNMP, SMTP, HTTP and SSL.
- Demonstrates a strong understanding of security concepts, best practices and tools.
- Understands log formats and source data for the SIEM.
- Solid experience in developing custom parsers.
- Deep experience in integrating the SIEM with other systems.
- Must have solid information security and threat intelligence knowledge.
- Must be self-motivated; possess strong organizational skills and the ability to manage multiple verbally assigned tasks; possess exceptional interpersonal, collaborative and communication skills; and have the ability to assimilate business objectives and transform them into actionable engineering initiatives.
- Experience working effectively across organizational and functional boundaries to gather information related to data sourcing, usage or technologies.
- Analytical ability to understand business processes, financial calculations, capacity and demand forecasting, data flows, host systems, applications, and stakeholder involvement and interaction with data.
- Experience working with multiple data analysis, reporting tools and technologies, and BI tools like Tableau, Power BI, etc.
- Strong skills with the Microsoft Office product suite, including Word, Excel, Visio and PowerPoint.
- Demonstrates the ability to perform detail-oriented work with a high degree of accuracy.
- Self-directed and self-motivated individual who takes complete ownership of the data processes and their outcomes.
- Strong organizational skills, planning skills and must work effectively within teams.
In order to drive effective improvement of threat detection systems and processes for the Cyber Operations Team, the candidate should also possess at least one of the following complementary skill sets:
- Network/System forensics and intrusion analysis
- Incident timeline construction and root cause analysis
- Advanced PCAP analysis
- Malware analysis and reverse engineering
- Advanced scripting & automation
- Network penetration testing
- Advanced threat hunting using frameworks such as HELK
If you think you are a good fit for this position, please don’t hesitate to apply now!
PeopleWare Staffing, Inc. is dedicated to placing quality individuals into contract and full-time positions. There is no fee charged to our candidates or contractors. Our philosophy is to keep everyone's best interest at heart and make sure there is a good match on skills and personal interests.
PeopleWare offers its contractors health, dental, and vision insurance, along with a 401(k) plan with a matching contribution. For more information please visit our website: www.PeopleWareStaffing.com
Please Note:
- We are unable to sponsor H1-B visas at this time.
- No third-party candidates will be considered for this position.
- U.S. citizens and those authorized to work in the US are encouraged to apply.