Expel
Leading MDR provider trusted by some of the world’s top brands to expel adversaries, minimize risk, & build resilience.
Senior Detection & Response Engineer
Location
United States
Posted
15 days ago
Salary
$142.9K - $207.2K / year
Bachelor Degree3 yrs expEnglishCloudLinuxMac OSPythonTcp/ipGo
Job Description
• Architect, maintain and iteratively improve Expel's ability to detect and investigate threats using integrated technologies with limited direction.
• Continuously improve Expel’s detection strategy and capability through creation of detections for Expel’s proprietary rule engine.
• Maintain documentation in support of Expel’s detection and response content.
• Improve SOC analyst efficiency by automating investigative workflows using an orchestration framework written in Python.
• Collaborate with engineering on Expel’s integrations and engineering standards associated with each class of integration.
• Evaluate technology APIs to design detection and response solutions to drive value and efficiency in Expel’s Workbench platform.
• Contribute to and thrive in a culture of experimentation, agile, quality and continuous improvement among the team.
• Take a leading role in the team’s research and monitoring of the latest threat landscape and subsequent detection and response automation development.
• Communicate effectively with stakeholders on support requests surfaced to the D&R engineering team.
• Mentor less experienced team members and SOC analysts.
• Bridge the Engineering to effectively identify new platform features and tools to better enable the growth of our detection and response capabilities.
Job Requirements
- 3+ years of experience with detection and response tools, particularly EDR, NSM, and SIEM.
- 3+ years of experience writing, deploying and tuning custom detections based on research or investigative work against common data sets (Windows Event Logs, auditd, CloudTrail, and similar datasets.)
- Proficiency of Python, Go or other object oriented programming languages
- Strong understanding of Windows, macOS and Linux operating systems and command line tools.
- Knowledge of networking basics, such as TCP/IP and OSI model.
- Expert knowledge and observations of attack vectors, threat tactics, and attacker techniques.
- Intermediate knowledge of cloud infrastructure platforms and their Identity and Access Management (IAM) models.
- Cursory understanding of common Software-as-a-Service (SaaS) applications and available security signal
- Bachelor’s degree in Computer Science or Information Security strongly preferred.
- 5+ years of professional experience in information technology or security operations would be ideal but not required.
Benefits
- Unlimited PTO (which we model and encourage)
- Work location flexibility
- Up to 24 weeks of parental leave
- Excellent health benefits
Related Guides
Related Categories
Related Job Pages
More Engineer Jobs
Engineer15 days ago
Full TimeRemoteTeam 10,001+Since 1915H1B Sponsor
Decarbonization Engineer performing studies and audits for energy efficiency projects
Engineer15 days ago
Full TimeRemoteTeam 10,001+Since 1982H1B No Sponsor
Device Trust Engineer enhancing Autodesk’s security posture
AWSAzureCloudGoogle Cloud PlatformJavaScriptPython
Engineer15 days ago
Full TimeRemoteTeam 11-50Since 2018H1B No Sponsor
Senior Manufacturing Process Engineer for medical device company improving BCI technologies
Assembly
Product Definition Engineer
Switzerland Global EnterpriseWe support Swiss SMEs in their international business and help innovative foreign companies to establish in Switzerland.
Engineer15 days ago
Full TimeRemoteTeam 51-200Since 1927H1B No Sponsor
Engineer developing products and solutions for Small Modular Reactor technology
Assembly
