Threat Detection Engineer

EVERSANA, Overland Park, KS

About The Position

We are seeking a highly motivated and skilled Threat Detection Engineer to join our dynamic security team. In this role you will be responsible for developing, implementing, and maintaining threat detection capabilities to protect our organization from cyber threats. The primary responsibility will be building, deploying, and maintaining the detection rules for our security toolset. Additionally, you will work within the Security Engineering team to administer the security stack at EVERSANA, help streamline processes and respond to security events as needed.

Requirements

  • 2-year degree or equivalent experience
  • 3+ years of hands-on experience in detection engineering, security automation, or a similar role.
  • Experience with detection engineering and security analytics.
  • Experience with EDR, SIEM, and Vulnerability Management technologies.
  • Understanding of network security, operating systems, and cloud security.
  • Understanding of incident response techniques.
  • Analytical, problem-solving and communication skills.
  • Security certifications (e.g. Security+, Splunk/SIEM-related certs)

Nice To Haves

  • Education: BS in a Cybersecurity field
  • Experience working with various security technologies and data sources, including but not limited to:
      • Cloud security platforms (GCP, AWS, Azure)
      • Endpoint Detection and Response (EDR) solutions – SentinelOne
      • Splunk
      • Network security devices
      • Identity and Access Management (IAM) systems
  • Experience with Python scripting and SIGMA rule creation (YAML format).
  • Experience with incident response.
  • Understanding of the MITRE ATT&CK framework.
  • Experience with SOAR platforms.
  • Proven ability to work independently.
  • Excellent written and verbal communication skills; able to author clear technical documentation and rulesets
  • SANS-related certifications (GMON, GCDA, etc.).

Responsibilities

  • Develop and Implement: Create threat detection rules, alerts, and dashboards using Splunk, SentinelOne, and other security tools. Should be comfortable creating SIGMA rules in YAML.
  • Analyze Logs: Examine security logs and alerts to identify and investigate potential security incidents. Continuously monitor security logs and network traffic for threats, breaches, and unusual activity. Embed that activity into detection logic and security controls.
  • Collaborate: Work closely within the security team to enhance our overall security posture. Administer applications within the EVERSANA security stack.
  • Stay Informed: Keep up-to-date with the latest threats, vulnerabilities, and security technologies.
  • Maintain Documentation: Contribute to the development and upkeep of the security detection database. Will be responsible for maintaining a list of currently deployed detection rules.
  • Automate Processes: Streamline security tasks and processes to boost efficiency and effectiveness.
  • Incident Response: Respond to security incidents, troubleshoot issues, and remediate as required.
  • Demonstrate a commitment to diversity, equity, and inclusion through continuous development, modeling inclusive behaviors, and proactively managing bias.
  • All other duties as assigned.