Senior Threat Detection Engineer

About The Position

Requirements

• Cyber Security professional with over 10 years, including at least 8 years hands on experience in Threat Detection, Threat Hunting, Security Incident Response, and managing significant security incidents and breaches.
• Experience and expertise in developing and refining threat detection methodologies is a prerequisite. This proficiency in leveraging security logs from multiple log source types which includes network infrastructure, endpoint devices, public and private cloud substrates and SaaS A comprehensive grasp of log structure, data normalization techniques, and the capacity to isolate critical security incidents is imperative.
• Strong proficiency and experience in log correlation techniques to identify patterns and anomalies indicative of malicious activity.
• Demonstrate expertise in constructing complex search queries using languages such as SPL, YARAL and other query languages to analyze large volumes of data.
• Possess strong data analysis skills to interpret query results, identify false positives, and fine-tune detection rules for optimal efficacy.
• Demonstrate in-depth knowledge of fundamental security principles, common attack vectors employed by threat actors, Tactics, Techniques, and Procedures (TTPs) used throughout the cyber kill chain, and relevant security frameworks such as the MITRE ATT&CK framework. This understanding is crucial for developing context-aware and effective detection strategies.
• Possess practical experience in working with a variety of security tools and technologies, including Security Information and Event Management (SIEM) systems for centralized log analysis and alerting, Endpoint Detection and Response (EDR) solutions for endpoint visibility and threat mitigation, Network Detection and Response (NDR) tools for network traffic analysis and anomaly detection, and Security Orchestration, Automation and Response (SOAR) platforms for automating incident response workflows.
• Demonstrate the ability to effectively handle and analyze large and complex datasets, identifying meaningful security insights and trends from vast amounts of information. This includes understanding data processing pipelines, performance considerations when querying large datasets, and the ability to synthesize findings into actionable intelligence.
• 6 to 8 years of experience in relevant areas like threat detection or security incident response.
• Knowledge of writing detections based on network, host, OS, and other logs.
• Experience with correlation and complex log analytic queries.
• Coding experience with Python or other languages for automation.
• Ability to correlate multiple log sources for effective adversary detection.
• Good knowledge of security fundamentals, attack scenarios, and MITRE framework.
• Understanding of configuration and logs from advanced security tools.
• Effective communication and collaboration skills.
• 10 to 14 years of experience Cyber Security with at least 8 years in Threat detection, Threat Hunting, Security incident response, handling major incidents and breaches or related experience
• Good knowledge of writing detections based on Network , Host , OS and other relevant logs
• Experience writing correlation and complex log analytic queries involving multiple log sources
• Experience coding with Python or other common coding languages to automation tasks
• Ability to correlate between multiple sources of logs to write and effectively detect adversaries
• Good knowledge of security fundamentals, of least privilege, Vulnerabilities, attack scenarios, MITRE framework, kill chain that help detect and respond to an attack.
• Good knowledge of understanding configuration and logs from various advanced security tools such as EDR , NDR , NGAV , Email Security Gateway etc
• Effective communication & collaboration skills with multiple teams within Security Organisation , Data Science and other partner teams.

Nice To Haves

• Hands on experience with any log aggregation/SIEM tool such as and not limited to Splunk , Elastic (ELK), FLINK , Chronicle etc
• Hands on Experience with public cloud, such as AWS or Azure or GCP, especially Public cloud security.
• Undergraduate degree in cyber security, computer science, information technology, or similar subjects.
• Experience working in a globally distributed team leveraging documentation and async communications as needed
• Prior experience or basic knowledge on DS algorithms and methodologies
• Experience on automation platform such as SOAR would be preferred
• Experience on automation platform such as SOAR would be preferred
• Hands on experience with any log aggregation/SIEM tool such as and not limited to Splunk , Elastic (ELK), FLINK , SQL etc
• Experience with public cloud, such as AWS or Azure or GCP, especially Public cloud security.
• Undergraduate degree in cyber security, computer science, information technology, or similar subjects.
• Experience working in a globally distributed team leveraging documentation and async communications as needed
• Prior experience or basic knowledge on DS algorithms and methodologies

Responsibilities

• Write logic on a wide variety of security platforms to detect malicious activity in various stages of the attack lifecycle.
• Build attack simulation scenarios, reproduce attack scenarios, and test the effectiveness of yours and your peers logic.
• Partner with the engineering teams to develop technology that enables this work.
• Closely collaborate with the incident response team to improve the reliability and quality of alerts.
• Take on complete ownership of a technical area, responsible for delivering all necessary research and features to achieve our team’s goals in that area.
• Work across teams in multiple geographies to deliver on initiatives with many moving parts.
• Lead broad initiatives that go beyond our own work.
• Innovate and come up with creative ways to solve the problems that we and our customers face.

Benefits

• time off programs
• medical
• dental
• vision
• mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• employee stock purchasing program