About The Position

This role is responsible for designing, implementing, and enhancing technical controls and monitoring solutions that detect and prevent unauthorized use of privileged access across the enterprise. This role plays a critical part in identifying anomalous and high-risk access behaviors by leveraging advanced detection tools, including SIEM platforms (Splunk) and endpoint detection solutions (CrowdStrike). The engineer partners closely with Security Operations, IAM, and Infrastructure teams to develop detection use cases, improve visibility, and strengthen the organization’s security posture.

Requirements

  • Bachelor’s degree or equivalent education, training, and work-related experience.
  • Minimum of 5 years of experience in security engineering or related cybersecurity roles.
  • Advanced knowledge in cybersecurity principles, theories, and concepts.
  • Proven experience in software development lifecycle security practices.
  • Advanced knowledge of threat modeling, security testing, and penetration testing.
  • Experience implementing and managing complex information security technologies.

Nice To Haves

  • Experience developing detection use cases and threat hunting techniques for identity-based attacks.
  • Strong expertise in: SIEM engineering and log analysis
  • Behavioral analytics and anomaly detection
  • Identity Threat Detection and Response (ITDR)
  • Experience with PAM tools such as StrongDM and CyberArk.
  • Familiarity with frameworks such as: MITRE ATT&CK (especially credential access and privilege escalation techniques)
  • NIST and CRI Cybersecurity Framework
  • Scripting and automation skills (e.g., Python, PowerShell).
  • Experience integrating multiple data sources (cloud logs, Active Directory, EDR telemetry) into SIEM platforms.
  • Relevant certifications such as: CISSP, GIAC (GCIA, GCIH), CEH, or Security+
  • Strong analytical, problem-solving, and communication skills.

Responsibilities

  • Identify and define unauthorized access scenarios, including credential misuse, privilege escalation, and anomalous account behavior.
  • Develop and tune Splunk/CrowdStrike queries, correlation searches, and alerts to detect suspicious privileged activity.
  • Leverage CrowdStrike (or equivalent EDR tools) to monitor endpoint-level indicators of compromise, lateral movement, and misuse of elevated privileges
  • Build and maintain detection use cases aligned with MITRE ATT&CK techniques related to identity and access abuse.
  • Correlate data from multiple sources (identity systems, logs, endpoints, cloud platforms) to identify potential threats.
  • Partner with Security Operations Center (SOC) and Incident Response teams to escalate and respond to confirmed incidents.
  • Design and implement automated detection and response mechanisms for privileged access risks.
  • Develop scripts or integrations (e.g., Python, APIs) to enhance monitoring, alerting, and reporting capabilities.
  • Continuously improve detection logic to reduce false positives and increase detection accuracy
  • Provide technical expertise to improve visibility into privileged account usage across on-prem and cloud environments.
  • Contribute to enforcement of least privilege and just-in-time access models through monitoring and analytics.
  • Create dashboards and reports in Splunk to track privileged access activity, trends, and risks.
  • Recommend improvements to detection coverage based on threat intelligence and incident learnings

Benefits

  • medical
  • dental
  • vision
  • life insurance
  • disability
  • accidental death and dismemberment
  • tax-preferred savings accounts
  • 401k plan
  • vacation
  • sick days
  • paid holidays
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service