About The Position

The Threat Detection Architect is responsible for establishing and maintaining the detection targets and roadmaps and for overseeing the process and execution of detection content and use cases through collaboration with Operational and Engineering teams. The architect will analyze detection gaps and recommend solutions for them, building an ecosystem of robust detection rules across multiple security tools to address cyber threats. The architect will provide subject matter expertise, mentorship, and leadership in the use of tools across the environment to complete and resolve the most complex security investigations. When needed, the architect will provide the highest level of technical capability and support across security tools in the environment to investigate, contain, and mitigate the impact of complex or critical security incidents. This role reports directly to the Director of Cyber Defense Operations.

The Cyber Defense Operations team is responsible for the protection, monitoring, detection, response, and recovery from security incidents across Comerica's environment. The team includes, among others, the Security Operations Center (SOC) and Threat and Vulnerability Management (TVM). The TVM team includes Cyber Fraud Operations, Threat Hunting, Threat Intelligence, and Vulnerability Management. The Threat Detection Architect role sits at the center of these two core Cyber Defense teams, supporting the SOC and TVM teams in the identification and creation of detection content, and is ultimately responsible for the lifecycle of detection content. The ideal candidate will have cybersecurity or IT certifications (e.g. CompTIA Network+, CompTIA Security+, GCIA, GCIH, GREM, or GPEN).

Requirements

  • Bachelor's Degree in Computer Science, Engineering, Information Systems, or Cyber Security -- OR -- High School/GED with 12 years Progressive Relevant Experience.
  • 6 years of information security/technology experience, preferably in a SOC, NOC, Threat Intelligence, or Threat Hunting role.
  • 5 years of experience using various operating systems and industry standard monitoring, logging, alerting and investigation processes.
  • 5 years of incident response experience.
  • 3 years of experience with scripting skills in common languages (e.g. PowerShell, Python, Java, Bash).
  • 3 years of experience performing forensics on payloads across multiple attack vectors.
  • 3 years of experience in designing detection rules for SIEM and other supplemental platforms.

Responsibilities

  • Establish and maintain threat detection coverage targets.
  • Collaborate closely with the Threat Intelligence team to perform research on current threats and adversaries that target institutions similar to Comerica.
  • Conduct regular analysis of the current state of detection rules within Comerica's security suite of tools against the threat landscape to identify coverage gaps and areas for improvement.
  • Perform innovative detection development through hypothesis and supporting research.
  • Propose and ensure validation of detection rules, in collaboration with the SOC and TVM teams.
  • Identify and evaluate vendors, products, and solutions to enhance threat detection.
  • Participate in the testing and rollout of proposed rules across the environment.
  • Upkeep and maintain the system of record for detection use cases.
  • Update MITRE ATT&CK mapping within the system of record.
  • Support response to major incidents by developing custom rules to detect anomalies.
  • Collaborate with other Engineering and Operations teams within Comerica to troubleshoot, respond, and improve detection capabilities.
  • Perform advanced technical and forensic analysis for payloads used by threat actors.
  • Provide recommendations on remediation plans for critical incidents.
  • Provide advanced subject matter expertise across malware, phishing, cloud access security brokers (CASB), network, and configuration compliance domains.
  • Provide clear direction and documentation to Cyber Engineering teams.
  • Maintain and provide accurate executive/compliance reporting on detection coverage.
  • Participate in the development/enhancement of processes and technologies impacting the Cyber Defense Operations function.
  • Handle sensitive information in accordance with the Corporate Information Protection Policy.

Benefits

  • Comprehensive Total Rewards package designed to recognize and reward individual performance.
  • Health and welfare programs.
  • Strong retirement benefits.
  • Generous paid time off programs.
  • Medical, dental, and vision benefits.
  • 401(k) and pension.
  • Income protection benefits such as life insurance, AD&D, and supplemental health programs.
  • Variety of time off programs for vacation, sick time, disability, and parental leave.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Credit Intermediation and Related Activities

Education Level

Bachelor's degree