Advanced Defensive Detection Engineer

About The Position

Requirements

• Minimum of 5 years of experience where specific detection engineering like functions were performed. This might include threat hunting, security operations center management, threat research and development, data science and data mining.
• Experience in advanced threat modeling, detection-as-code pipelines, MITRE ATT&CK mapping, alert triage, basic rule tuning, custom logic, threat hunting, and detection-as-code.
• Experience in threat simulation, including adversary simulation, custom tooling, Red team collaboration, and scripting emulations.
• Experience in systems in infrastructure including secure architecture design and cloud-native controls.
• Experience in full-stack scripting, automation frameworks, advanced scripting with low error rates in Python, PowerShell, SPL, SQL, KQL, and regex.
• Experience in network forensics, encrypted traffic analysis, TCP/IP, DNS, HTTP, IDS/IPS, proxy logs, VPN analysis.
• Experience in analysis, including anomaly detection, advanced statistics (e.g., probability, distributions, estimating, hypothesis testing, regression, correlation, Markov Chains, Monte Carlos, LaPlace, Rule of Five, Bayes' theorem, machine learning, k-nearest), and creation of statistical models.
• Experience with data engineering, including parsing, dashboards, API design, and related concepts.
• Awareness of compliance, including aligning detection strategy with global financial regulations, ISO 27001, EU GDPR, PCI-DSS, EU DORA, SOX, NIST CSF, US OCC Part 30 Safety and Soundness Standards, and financial compliance frameworks.
• Experience with payment systems, classified systems, or other critical environments.
• Experience presenting to and advising executives.
• Knowledge of cyber security threat actors particularly their tactics, techniques, procedures, tradecraft, and noteworthy attacks.
• Knowledge of cybersecurity principles and practices, including defense in depth.
• Knowledge of computer network protocols.
• Knowledge of risk management processes.
• Knowledge of cybersecurity law, regulations, and industry best practices.
• Knowledge of system design tools and techniques.
• Knowledge of server administration and principles and practices.
• Knowledge of software engineering principles and practices.
• Knowledge of enterprise information technology (IT) architecture principles, practices and reference models.
• Knowledge of systems engineering processes, principles and practices.
• Knowledge of hardware and software reverse engineering tools and techniques.
• Knowledge of secure software development, deployment, and maintenance.
• Knowledge of agentic AI systems, and their use in the continuous monitoring process to reduce the time from detection to response.

Nice To Haves

• Possess a Postgraduate degree in computer science, information security, engineering, data science, mathematics, or another relevant field.
• Experience working with information security teams such as fusion centers, security operations centers, vulnerability assessment, vulnerability threat management, security incident management, cyber “hunt,” and big data analysis.
• Experience working with law enforcement agencies and external audit organizations for investigations, audits, and similar activities.
• Self-starter, self-motivated, and able to work independently with little oversight while managing a large, globally distributed team.
• Highly polished presentation skills, with the ability to simply and convincingly present technical issues to non-technical audiences.

Responsibilities

• Interpreting threat models and conduct research to write and diagram discrete and detectable threat tactics, techniques and procedures (TTPs)
• Serve as an expert advisor on detecting TTPs for executives.
• Write Technique Research Reports (TRR) or similar reports to document attack technique research and modeling to assist cybersecurity practitioners to understand, emulate, and detect cyber-attacks.
• Develop and implement new detection rules for applications, and cloud and on-premises systems.
• Triage, prioritize, and take appropriate action to address requests for detection rule corrections and/or enhancements.
• Test and tune threat detection rules within detection (e.g., SIEM, EDR) and other tools.
• Monitor, maintain, and refresh SIEM look up tables and various other tables.
• Implement automated detection rule metrics to identify performance issues and opportunities to increase efficiency, fidelity or possible retirement.
• Validate and document detection requirements, search criteria, test cases, and other development lifecycle artifacts through use of appropriate documentation libraries and development tracking tools.
• Document and maintain assets, scripts and processes to test SIEM/EDR rules for reuse.
• Partner with other Fusion Center teams to align detection strategy with threat model and MITRE ATT&CK framework.
• Partner with purple team, various security, risk, IT and business professionals to validate and document threat detection goals.
• Provide guidance in alert creation among various security controls such as EDR, IDS, Cloud, email gateways, etc.
• Analyze, influence, and recommend.
• Collaborate with various teams to learn, document, and maintain a library of various IT processes, naming conventions, assets, configurations, and other considerations that can be leveraged to improve security capabilities across the organization.

Benefits

• retirement savings plan (401K) with company match
• insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
• paid-time off including vacation, sick leave, short term disability, and family care responsibilities
• access to our Employee Assistance Program
• incentive compensation including eligibility for annual performance-based awards
• inclusive development opportunities
• flexible work-life support
• paid volunteer days
• vibrant employee networks