Threat Detection Engineer

Security Engineer | Full Time | Remote

Location

United States

Posted

4 days ago

Salary

$500K / year

Skills

Python, SIEM, Google SecOps, Pandas, Jupyter Notebooks, Packet Capture Analysis, Log Analysis, Threat Detection, Incident Response, Threat Hunting, Threat Intelligence, Detection as Code, Automation

Job Description


Role Description

We are seeking a talented, motivated Threat Detection Engineer to join our global team. This individual will be a self-starter excited to take on ownership of complex projects with a wide degree of autonomy. This role is unique in its schedule, providing critical weekend coverage during local daytime hours in exchange for a flexible schedule during the work week.

As a Threat Detection Engineer, you will be responsible for designing, implementing, and maintaining systems and logic to identify and neutralize sophisticated cyber threats. You will operate within a high-fidelity Detection-as-Code environment, moving beyond traditional SOC tiers to act as an elite, end-to-end security engineer.

Responsibilities:

  • Detection Engineering: Develop, tune, and deploy high-fidelity detections and rules to prevent threats against the firm's systems using a "Detection-as-Code" philosophy.
  • Incident Response: Respond to and mitigate active incidents and alerts within our security monitoring systems.
  • Threat Hunting: Proactively hunt for sophisticated adversaries targeting our infrastructure by analyzing logging and telemetry.
  • Intelligence Action: Process and action threat intelligence reports, converting attacker TTPs into actionable detections across various tools and languages.
  • Automation & Coding: Contribute to the firm’s Python-based ecosystem to automate analysis processes and increase detection accuracy.
  • Business Collaboration: Work with various business units to gain a deep understanding of internal networks to better inform hunting and risk-modeling strategies.
  • Telemetry Analysis: Review and analyze packet captures, media, and network device logs to support risk and detection capabilities.

Qualifications

  • Education: Bachelor’s degree in Computer Science, Computer Engineering, or a related technical field.
  • Programming: Strong proficiency in Python is mandatory for contributing to our D&R codebase.
  • Data Analysis: Experience conducting deep-dive analysis of media, packet captures, and logs. Familiarity with Pandas and Jupyter Notebooks for threat hunting is highly desirable.
  • Technical Breadth: Experience with modern SIEM platforms (Google SecOps preferred) and a variety of third-party endpoint, network, and cloud security tools.
  • Communication: Strong interpersonal skills with the ability to communicate complex technical threats to both technical and non-technical stakeholders.
  • Availability: Ability to work a weekend-based schedule (local daytime hours) with flexibility during the week (2 days).

Benefits

  • Competitive compensation package commensurate with experience.
  • Comprehensive health, dental, and vision insurance.
  • Opportunities for continuous professional development and training.
  • A collaborative and challenging work environment with state-of-the-art technology.
