Lead Engineer - Threat Detection Operations
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
- Define and implement security detection use cases and cyber hunting exercises
- Work directly with cyber threat intelligence analysts to convert intelligence into useful detection
- Collaborate with incident response team to rapidly build detection rules as needed
Minimum Qualifications and Experience:
- BA/BS in information technology, computer science, or related field OR commensurate experience
- Familiarity with host and network forensics concepts
- Ability to analyze packet captures (.pcap files)
- Experience with Splunk, ArcSight, Logger, or another SIEM-like platform
Preferred Qualifications and Experience:
- Experience writing queries using the Splunk Search Processing Language (SPL) or a comparable SIEM query language
- Experience developing content in ArcSight
- Ability to write Snort or Suricata signatures
- Comfort writing scripts in Python and/or PowerShell
- Familiarity with application of “cyber kill chain” and “pyramid of pain” concepts
- Demonstrated ability to analyze details of security events ranging from simple low-sophistication attacks to more advanced adversaries
- Disk and memory forensics
- Basic malware analysis
- MS in information technology, computer science, network engineering, software engineering, etc.