Threat Detection Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent practical experience).
• Minimum of 5 years of experience in a security operations role, with a strong focus on threat detection and analysis.
• Proven experience developing and implementing YARA-L rules within Google Security Operations (SecOps) is essential.
• Experience with threat intelligence and its integration into detection strategies.
• Deep understanding of security principles, common attack vectors, and threat actor tactics, techniques, and procedures (TTPs).
• Strong analytical and problem-solving skills with the ability to analyze complex security logs and identify meaningful patterns.
• Proficiency in scripting languages such as Python or similar for automation and analysis.
• Experience working with various security technologies and data sources, including but not limited to: Cloud security platforms (e.g., GCP, AWS, Azure) Endpoint Detection and Response (EDR) solutions Security Information and Event Management (SIEM) systems Network security devices (firewalls, intrusion detection/prevention systems) Identity and Access Management (IAM) systems
• The ability to effectively communicate technical information to both technical and non-technical audiences.
• Ability to work independently and as part of a team in a fast-paced environment.

Nice To Haves

• Relevant security certifications such as Security+, CySA+, GCIH, GCIA, or similar.
• Familiarity with MITRE ATT&CK framework and its application in developing detection rules.
• Experience with SOAR (Security Orchestration, Automation and Response) platforms.
• Knowledge of data science and machine learning concepts as applied to security analytics.

Responsibilities

• Design, develop, implement, and maintain custom detection rules, correlation searches, and alerts within Google Security Operations (SecOps) to identify malicious activity, security incidents, and policy violations.
• Utilize your expertise in the SecOps detection engine and YARA-L syntax to create efficient and effective detection logic.
• Analyze large datasets of security logs and events from various sources (e.g., cloud platforms, endpoint detection and response (EDR), network devices, applications) to identify patterns and anomalies indicative of threats.
• Stay up-to-date with the latest threat intelligence, attack techniques, and security trends to proactively develop new detection strategies.
• Collaborate closely with Security Analysts to tune detections logic based on incident analysis and threat landscape changes.
• Contribute to the development and maintenance of security documentation, including YARA-L rules, response strategies, playbooks, and operational procedures.
• Participate in the evaluation and integration of new security tools and technologies.
• Automate detection creation, threat intelligence gathering, and rule deployment.
• Provide mentorship, training, and guidance to junior team members.

Benefits

• Competitive salary and benefits package.
• A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.