Detection and Response Engineer

About The Position

Requirements

• Bachelor's Degree in Information Security, a security related field, or equivalent experience that provides the necessary knowledge, skill and abilities.
• 3+years of real-world cyber experience or an equivalent blend of cybersecurity and data science experience.
• Proficient understanding operating systems (OS), OS normal activities, OS internals, MITRE ATT&CK TTPs mapped to OS, and identifying anomalous behaviors.
• Proficiency with extracting and manipulating data, using scripting languages such as Python, PowerShell, SQL, or others.
• Experience applying data science or statistical methodologies to cybersecurity data using Python and SQL.
• Experience with cloud attack detection and response in cloud infrastructure.
• Demonstrate ambition to further current knowledge and understanding by exploring new concepts and applying to cyber security.
• Are able to obtain a Secret security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

Nice To Haves

• Master's Degree in Information Security Assurance or security related field.
• Demonstrated ability in operational cybersecurity and incident response in large scale environments.
• Familiarity with data platforms such as AWS Security Lake and Databricks for large-scale data analysis.
• Experience with Assume Breach methodologies and proficient understanding of advanced attack methodologies of Nation State adversaries.
• Proficient knowledge of the MITRE ATT&CK framework.
• Technical experience in some of the following areas: Endpoint Detection & Response, Active Directory and authentication anomalies, Suricata, Zeek, Full Packet capture technologies, Firewall, Proxy, and Sandbox technologies.
• Experience with memory analysis, host-based anomaly detection, network anomaly detection, and authentication anomaly detection.
• Experience leveraging Large Language Models to enhance detection and response capabilities.

Responsibilities

• Create novel detections in Python, SQL, and similar scripting languages based on a deep understanding of adversarial tradecraft.
• Bring together data-driven analytics and traditional detection engineering to stay ahead of sophisticated threats by developing and deploying novel tooling that may improve Machine Learning, Statistical methods, or Large Language Models to enhance detection, investigation, and response capabilities.
• Hunt for advanced threats by analyzing data through hypothesis crafting and iterative searching through data to identify malicious behaviors.
• Develop and enhance processes, work flows, and detections to quickly identify and respond to potential incidents.
• Collect evidence to include digital media, logs, and malware to perform analysis associated with cyber intrusions.
• Participate in projects and multi-functional security teams requiring interaction with IT operations.

Benefits

• We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.
• Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance.