Detection Engineer

Description

The detection engineer is responsible for developing new rules, testing and validating them, monitoring rule performance, participating in threat hunting activities, and providing technical support during security incidents. Additional responsibilities may include the following:

• Create new rules and configurations based on threat intelligence, security research, and incident response reports.
• Test and validate new and updated rules and configurations to ensure they effectively detect and respond to security threats.
• Collaborate with other engineers and participate in detection-as-code peer reviews and approval process.
• Document rule changes and providing clear and concise reports to clients and management.
• Monitor rule performance and fine-tune them to optimize detection accuracy, minimize false positives, and increase the efficiency of the SOC.
• Collaborating with the SOC to identify opportunities for process improvements and ensure the team's rules and configurations are optimized for effective threat detection and response.
• Provide technical support to the SOC during security incidents, helping to identify and mitigate security threats through creation and or customization of detections.
• Participate in client meetings to provide updates on rule changes and answer any questions they may have.
• Maintaining up-to-date knowledge on the latest security tools and technologies, including CrowdStrike, Microsoft Defender, SentinelOne, IDS/IPS devices, Devo, Splunk, Exabeam, etc.
• Participating in training sessions to ensure knowledge and skills remain current.
  
  

Requirements

• 2-5 years related work experience preferred
• Experience with one or more SIEM platforms
• Experience with one or more EDR platforms
• Strong analytical skills required
• Ability to review reports and system activity logs to identify critical events, prioritize, and escalate as appropriate
• Ability to make meaningful contributions to incident response and threat hunting activities
• Must have excellent written and verbal communication skills and ability to present information to senior management, technical, and non-technical staff
  
  

A Strong Understanding Of

• Common Tactics Techniques and Procedures (TTPs)
• The current threat landscapes
• Endpoint detection and response (EDR) platforms
• Log management (SIEM) systems
• Incident response
• Threat intelligence
• Cyber security
• Information Technology
  
  

Desired

• DFIR knowledge or experience
• Dynamic malware analysis experience
• Network forensics experience
• Experience in Security Operations
• Good understanding of operating systems
• Experience in Version Control (VC) systems, such as git
• Experience with “Sigma” (generic signature format for SIEM systems)
• Experience with attack simulation in a lab environment
• Experience with one modern programming language