Cyber Threat Detection (Alert Development), Principal Associate

About The Position

Requirements

• Previous experience with a detection engineering, threat detection, or detection operations team
• Extensive experience in SQL
• Strong understanding of attacker TTPs, red team methodologies, and translating offensive security insights into detections
• Excellent analytical, communication, and leadership skills
• Must be able to perform root cause analysis independently or collaboratively with team
• Customer service and stakeholder engagement skills
• Strong decision-making and strategic thinking in threat detection
• High School Diploma, GED, or equivalent certification
• At least 3 years of experience in Information Technology or Cyber Security
• At least 2 years of experience with host, cloud, application or network logs
• At least 2 years of experience developing alerts for threat detection
• At least 2 years of pentesting or offensive security experience

Nice To Haves

• Bachelor’s Degree in Information Technology, Cyber Security or Computer Science or similar programs
• 4+ years of experience in Threat Detection, Threat Hunting, or Security Engineering
• 4+ years of experience with data science concepts and techniques
• 4+ years of experience with Python
• 1+ years of experience in publishing code to Github
• GCIA, GCIH, CISSP, GMON, GREM, GCTD, MLE, OR Cloud (GCP, AWS) certifications

Responsibilities

• Develop, deploy, and maintain using Detection-as-Code methodology and MITRE ATT&CK framework to measure coverage
• Develop signature and behavioral based detections
• Work with partners and stakeholders to onboard additional detection capabilities and tooling
• Ability to conduct proactive threat research across enterprise environments using hypothesis driven methodologies
• Develop and implement best practices to identify malicious activity in a dynamic, fast-paced environment
• Understand the business drivers of the enterprise and partner with relevant stakeholders to ensure robust monitoring and expanded coverage across our hosts, networks, and applications.
• Demonstrate a deep understanding of adversary techniques and emerging threats that could impact business operations
• Respond to inquiries from regulatory entities, risk management and audit teams, providing clear and complete documentation of procedures and workflows
• Experience mentoring junior engineers and contribute to a culture of continuous improvement and knowledge sharing
• Ability to articulate security risks and detection strategies to technical and executive audiences

Benefits

• Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.
• Learn more at the Capital One Careers website.
• Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.