Lead Engineer - Threat Detection Operations

Description:

  • Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
  • Define and implement security detection use cases and cyber hunting exercises
  • Work directly with cyber threat intelligence analysts to convert intelligence into useful detection
  • Collaborate with incident response team to rapidly build detection rules as needed

Minimum Qualifications and Experience:

  • BA/BS in information technology, computer science, or related field OR commensurate experience
  • Familiarity with host and network forensics concepts
  • Ability to analyze packet captures (.pcap files)
  • Experience with Splunk, ArcSight, Logger, or other SIEM-like platform

Preferred Qualifications and Experience:

  • Experience writing queries using the Splunk Search Processing Language (SPL) or a comparable SIEM query language
  • Experience developing content in ArcSight
  • Ability to write Snort or Suricata signatures
  • Comfort writing scripts in Python and/or PowerShell
  • Familiarity with application of “cyber kill chain” and “pyramid of pain” concepts
  • Demonstrated ability to analyze details of security events ranging from simple low-sophistication attacks to more advanced adversaries
  • Disk and memory forensics
  • Basic malware analysis
  • MS in information technology, computer science, network engineering, software engineering etc.
