Senior Engineer, Detection R&D

Marriott Hotels Resorts•Bethesda, MD

11h

About The Position

This role is responsible for enhancing detection coverage and methodology through cyber threat detection research and advanced threat detection prototyping within the SIEM, Security Data Lake, and analytics tools. Research entails analysis and devising detection approaches informed by threat intelligence by the CTI Team, threat models, purple team outcomes, and detection coverage and visibility gap assessments. Development work entails advanced detection prototyping for deployment at scale in partnership with Detection Engineering, Cybersecurity Operations, and Marriott’s business application teams. Candidates should possess either red team or purple team experience as well as expertise in cyber threat detection and response, and a strong understanding of adversarial TTPs. Hands-on skills and creative thinking are essential.

Requirements

Bachelor’s degree in Computer Science, Information Security, or a related field; or equivalent experience and certifications
6+ years of combined experience in detection engineering, red/purple teaming, security analytics, vulnerability management or cyber threat detection roles
3+ years working with Splunk SIEM (Enterprise Security), CrowdStrike NG-SIEM, or developing UEBA/behavior-based threat detections
Hands-on experience with EDR tools such as CrowdStrike Falcon, MS Defender, Sentinel One, etc., and pen testing/vulnerability assessments
Proven ability to develop advanced detection content including correlation rules, behavioral analytics, and threat hunting queries

Nice To Haves

Current advanced information security certifications (e.g., CISSP, CISM, GIAC, OSCP)
Hands on experience with UEBA solutions and building detections leveraging machine learning
Amazon Security Lake experience
Familiarity with cloud security, threat intelligence platforms, and modern security architectures
Experience with scripting/programming (Python, PowerShell, etc.) and automation
Working knowledge of frameworks such as MITRE ATT&CK, MITRE D3FEND, NIST CSF, and ISO/IEC 27001

Responsibilities

Provide mentorship for junior engineers and Detection Engineering resources.
Conduct cyber threat detection methodology research aligned with cyber threat detection coverage gaps, threat modeling, and threat intelligence
Partner with CTI Team, Detection Engineering, Security Engineering and Security Architecture to develop behavior-based detections leveraging AI/ML and other methods
Develop prototype correlation searches, dashboards, reports and alerts within the SIEM, UEBA and Security Data Lake platforms. Partner with CTI Team and Detection Engineering to deploy detections at scale
Share detection approaches, recommendations, developed analytics, and other products of detection research with CTI Teams, Detection Engineering and other teams as appropriate to inform detection development
Facilitate cross-team collaboration sessions to ideate and review detection use cases and detection methodologies
Document and share detection approaches for TTPs, threat models, and monitoring strategies using standard templates and methodologies
Collaborate with CTI Team, Detection Engineering, Security Architecture and Engineering teams to ensure detection coverage aligns with cybersecurity risks and business priorities
Engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate
Attend SCRUM and prioritization meetings to review and update deliverables
Drive detection coverage gap improvement and increased detection efficacy
Stay current with emerging threats, adversary tactics, techniques, and detection technologies
Contribute to the development and refinement of detection engineering standards, workflows, and best practices