What are the responsibilities and job description for the Threat Detection Engineer position at Alleare Consulting?
Job Details
Threat Detection Engineer
Fulltime
Dallas, Texas
IMMEDIATE NEW JOB OPENING for a fulltime Threat Detection Engineer to join our client's team in Dallas. This role will be focused on using technology to detect adversarial activity. You'll leverage tools like SIEM, EDR, XDR and SOAR and use industry standard frameworks such as MITRE ATT&CK and the Unified Kill Chain to ensure maximum visibility against the tactics, techniques and procedures employed by our customers' adversaries. The ideal candidate will have a good understanding of offensive techniques coupled with a defensive mindset and plenty of hands-on experience designing detections.
Responsibilities:
- Develop and implement security use cases to improve the visibility of the threat landscape
- Document and communicate detection capabilities utilizing multiple industry standard attack frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST
- Communicate cybersecurity best practices and practical solutions to both internal and external teams to improve security maturity for organizations
- Research and develop new detection capabilities in an ever-changing threat landscape
- Perform log management ensuring appropriate security relevant logging within SIEM platform
- Conduct open ended analysis against large datasets
- Research and deconstruct cyber-attacks into sequenced indicators of compromise (IOC) and develop security use cases from indicators of compromise detectable through security device logs
- Make tailored recommendations for optimal logging levels based on an organization's security stack
- Help train and develop Junior Threat Detection Engineers
- Assist and communicate solutions to complex client Threat Detection requests
Required Skills:
- 3 years of Threat Detection experience
- Experience investigating and creating security rules for at least 1 SIEM
- Experience with various attack frameworks such as MITRE ATT&CK, the Cyber Kill Chain and NIST
- Experience with enterprise network architecture and security incident response
- Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
- Ability to communicate and document technical information effectively towards various audiences
- Able to demonstrate integrity, leadership, teamwork, and results
- Have time management skills, strong attention to detail, and ability to perform in all key areas of the role
- Stay up to date with recent cyber-attacks and trends
Nice to have Skills:
- Knowledge of Sumo Logic and Splunk
- Proficient in Scripting languages or programming experience
- Proficient in Regular Expression
- Threat Hunting experience
- Red Team experience