Principal Detection Engineer

The Company

Every day, NuHarbor Security improves the cybersecurity of our clients by making it stronger and easier to understand. Our comprehensive suite of security services, from strategic advising to 24-hour monitoring and management, provide an organizational view of security that is focused on results and recommendations that are valuable for both business and technical leaders. We're growing quickly because our clients, and the general market, are looking for these outcomes and for the data it gives them to explain, promote, and justify, their security investment and mission.

The Role

The Principal Detection Engineer leads the Detection Engineering team, which develops and maintains NuHarbor's security content library. he Principal Detection Engineer focuses custom development on 0-day and edge-case threats, efficiently delivering detection, correlation, alerting, AI/ML analytics, runbooks, playbook templates, and response plans across the MSSP client base.

What you'll do

• Live the NuHarbor Values: Protect the House, Help Clients Win, Always Improve
• Define strategies for turning security signals into detections, generating alerts optimized for automation, and when necessary, presentation to analysts who investigate and take necessary actions.
• Implement detections to threats or threat actors and vulnerabilities using rule-based, behavioral, and machine learning analytics.
• Play a key role in executing our detection and automation strategy, providing contextual data to make alerts binary, analysis more efficient, and defenses more effective for our clients.
• Operate and maintain custom tooling, including CI/CD pipelines, to deliver content to client environments reliably, and consistently, driven through a GitOps workflow.
• Continuously collect and analyze telemetry from detections in the field and tunes them for quality.
• Works with Product Management and Threat Intelligence teams to prioritize and develop detection capabilities.
• Explores customer data to test detection hypotheses.
• Provides guidance and mentorship to Detection Engineering Team members, clearing a path to excellence with enthusiasm and confidence.
• Communicates complex detection engineering concepts with audiences of varied technical understanding, from business stakeholders, sales, engineering teams, and clients.
  
  

Your foundation. The requirements for this role:

• Bachelor's degree and 10 years' experience in common programming languages used in security technology integration: Python, SQL or KQL, and scripting languages (PowerShell/Bash).
• Typical Degrees: Information Technology, Information Systems, Computer Science, Computer Engineering, Software Engineering or related field(s).
• In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required.
• Knowledge and expertise in keySIEM techniques and technologies such as Splunk, Splunk Enterprise Security (ES).
• 5 years' experience developing detections in a multivendor SIEM environment, preferably Splunk and Sentinel
• Demonstrated aptitude communicating complex engineering concepts to audiences of varied technical understanding, including business stakeholders, sales, engineering, and customers.
• Experience inSecurity Operations Center (SOC) content development and automation implementations.
• Experience in engineering event detection & response tuning.
• Significant experience with DevOps practices and CI/CD systems.
• Knowledge of network, system, and application layer attacks and mitigations.
• Experience in cybersecurity threat operations, including the processes of collection, processing, correlation, alerting, and response actions taken in defense of varied application environments.
• Must be a citizen of the United States.
  

Additional capabilities that will differentiate you for this role:

• Experience developing AI/ML driven detections using Big Data.
• Experience in Splunk Processing Language (SPL).
• Knowledge of MITRE ATT&CK framework and general adversarial / defensive security techniques.
• Familiarity with the NIST Cyber Security Framework (CSF), common security controls and their purposes, and technologies that supply those controls
  
  

The Rewards

What you can expect:

• The engagement and support of company leadership who recognize the challenge of marketing a complex cybersecurity service in a chaotic market.
• An organization that recognizes and rewards employee commitment and contribution to our customers' satisfaction and success
• Growth in your career and capabilities as you help to chart a path to improving customer interactivity and service adoption.
• A collaborative and driven working environment in a rapidly growing company and market
• A fun and social working environment where you are encouraged to be your true self.
  
  

You can also expect competitive salary and benefits, including paid time to give back in your community and generous PTO.

We are purpose driven. We, as an organization, above anything else protect the house first and then help our customers win. If this sounds like the kind of organization you'd like to be a part of, we'd like to hear from you.

AAP/EEO Statement

The Equal Employment Opportunity Policy of NuHarbor Security is to provide a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status or disability. NuHarbor Security hires and promotes individuals solely based on their qualifications for the job to be filled.

NuHarbor Security believes that employees should be provided with a working environment which enables each associate to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, religion, national origin, gender, sexual orientation, age, marital status, or disability. We expect and require the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere.