Threat Detection Engineer

Legato Security•Salt Lake City, UT

2d•Onsite

About The Position

Legato Security is an information security firm founded upon the belief that every organization has the right to keep its data private and secure. Our mission is to build close partnerships with our clients, serving them not as just a vendor, but as trusted advisors helping to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization. We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from any accidents. As technology progresses, so do our tactics, ensuring our experts are always prepared to serve forward-looking leaders eager to stay ahead of emerging threats. Legato Security is seeking a motivated junior or mid-level Detection Engineer to assist with detection engineering efforts. As a Detection Engineer, you will assist with rule creation, rule tuning, creating documentation, assisting with on-going infrastructure projects, and assisting with customer requests.

Requirements

Bachelor's degree in Computer Science, Cybersecurity, related field or equivalent industry experience
3-5 years of experience in detection engineering or a related field (e.g., SOC Analyst, Pen Testing, IT Infrastructure, Network Engineering, or Software Development). Job-specific experience in detection engineering is not required
Familiarity with networking principals (e.g. routing, common protocols, firewall functionality, etc.)
Basic understanding of Windows operating systems (e.g. versions, common exploits, understanding of registries, exposed protocols, common enumeration commands, etc.)
Active Directory Fundamentals (e.g. basic understanding of NTLM and Kerberos, how to use LDAP, understanding of common attacks within Active Directory.)
Understanding of Detection as Code and common exploits
Strong interest in pursuing a career in detection engineering
Ability to quickly learn different tool sets and environments
Strong written and verbal communication skills
Ability to prioritize multiple competing projects, meet deadlines, and work effectively in a team environment

Nice To Haves

Applicants who demonstrate personal learning and curiosity through personal projects will be prioritized. e.g. home labs, personal Github projects, write-ups, blog posts, Hack the Box profile, TryHackMe profile.
Relevant certifications such as OSCP (Offsec), OSDA (Offsec), CPTS (HTB), CDSA (HTB), etc.

Responsibilities

Create, improve, review, and tune detection rules in various SIEMs (e.g., Sumo Logic, Google SecOps, Stellar Cyber). This will include log reviews of customer environments to make informed decisions.
Assist in creating and maintaining documentation for detection procedures, workflows, and active projects.
Collaborate with SOC analysts to improve detection accuracy and reduce false positives
Help maintain and update detection use cases based on emerging threats and customer-specific logs.
Assist in creating regular reports on detection metrics and effectiveness.
Review and respond to internal and customer requests to assist with anything related to detection engineering.
Contribute to declarative and imperative programming projects to assist with detection as code.

Benefits

Start-up company in a growth phase with opportunity for advancement based on performance
Start-up culture with an office in downtown Salt Lake City, UT
Competitive medical and dental benefits for employee and family members
Other voluntary benefits such as short-term disability, life insurance, children’s orthodontia, with additional voluntary benefits available
Flexible Paid Time Off policy
Professional Development opportunities specific to role

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume