Sr Detection & Automation Engineer

About The Position

Requirements

• Educational Background: Bachelor's degree in computer science , Cybersecurity, Information Technology, or a related field. A master’s degree is a plus.
• Splunk or SIEM Related Systems: Proficiency in using Splunk or other SIEM platforms is essential. This includes the ability to create, manage, and optimize detection rules and alerts within these systems.
• Understanding of Logs: Strong understanding of logs and log formats, including how logs flow through various systems. Ability to filter, transform, and normalize data to enrich it for use in cybersecurity alerts and reports.
• Incident Response Experience: Experience in incident response is highly preferred. This includes the ability to quickly identify , analyze, and respond to security incidents.
• System Administration Experience: Experience as a system administrator is highly preferred. This includes a deep understanding of operating systems, network configurations, and security controls.
• GitLab: Proficiency with GitLab for version control and CI/CD pipeline management. Ability to automate and streamline detection engineering processes using GitLab.
• Python: Strong programming skills in Python for scripting and automation tasks. Ability to develop custom scripts to enhance detection capabilities and integrate various security tools.
• Detection Engineering: Ability to build and prioritize detection rules in SIEM platforms to identify malicious activities. Develop, maintain , and document detection logic, rules, and alerts.
• Data Quality Enhancement: Ability to enhance and improve data quality from external sources in the SIEM by understanding current best practices in detection engineering and integration.
• Communication Skills: Effective and professional communication skills for conveying technical and non-technical information to a wide variety of internal and external customers, including organizational leadership.
• Security Research: Ability to regularly monitor the security community for the latest assessment and exploit methodologies. Share findings with the team through newly written tools and/or attack techniques.
• Blue Team Exercises: Experience in designing and implementing blue team exercises, including independently leading components of these exercises.
• Reporting: Ability to prepare and deliver high-quality security information that clearly explains risks, demonstrates findings, and offers tactical and strategic recommendations.
• Metrics Tracking: Ability to track, monitor, and report testing results meaningfully, delivering risk-based security metrics to the enterprise.
• Continuous Learning: Commitment to attending training to stay current with technology and security trends. Ability to incorporate learnings to improve organizational technology and processes.

Nice To Haves

• Experience teaching security concepts (web, mobile, or infrastructure/network).
• Formal software development experience with one or more programming languages such as Python, JavaScript, Java, Ruby, Go, PowerShell, Bash, C#, C/C++, etc.
• Experience automating Amazon Web Services (AWS) and/or Microsoft Azure platform infrastructure, preferably within an Agile/DevOps operating model.
• Proven people leadership skills including the ability to manage small teams and small projects.
• Ability to be a leader in the security industry demonstrated by participation organizing and/or contributing to conferences by giving talks.

Responsibilities

• Leadership: The Senior Detection & Automation Engineer is a leader within the Enterprise Cybersecurity with the expectation to guide and mentor more junior members. This includes overseeing the work performed by junior engineers, mentoring their technical educational activities, freely sharing knowledge, and testing techniques.
• Security Detection Engineering: Prioritizes and builds detection rules for the S IEM platform to identify malicious activities based on knowledge of the inner workings of cyber-attacks. Develops, maintains , and ensures the proper documentation of detection logic, rules, and alerts. Enhances and improves data quality from external sources in the S IEM by understanding the current best state of detection engineering and integration practices.
• Blue Team: Accountable for assisting in the design and implementation of blue team exercises including independently leading components of the exercise.
• Security Research: Accountable for regularly monitoring the security community for, and researching, the latest assessment and exploit methodologies. This work is concluded by sharing the information back to the team in the form of newly written tools and/or attack techniques via informal internal training sessions.
• Reporting: Accountable for preparing and delivering the highest quality security information that comprehensively and clearly explains risk, demonstrates findings, and offers tactical and strategic recommendations to both technical and non-technical internal clients.
• Communication: Effective and professional communication of a variety of topics, including technical and non-technical information, to a wide variety of internal and external customers including leadership from across the organization.
• Ad Hoc Incidents: Accountable for working with the security operations center, incident responders, and technology infrastructure, and development teams as necessary.
• Metrics: Accountable for working with select team members to track, monitor, and report testing results in a meaningful way so that risk-based security metrics are delivered to the enterprise.
• Training: Attend training to stay current with technology and security trends. Incorporates learnings from training to improve organizational technology and processes.
• Perform other duties as assigned.