Key skills
AzureCloudCyber SecurityFirewallsSplunkActive Directory
About this role
Role Overview
- Develop and document new Detection Capabilities for customer environments
- Work with customers to develop a comprehensive strategy for effective detections
- Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
- Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
- Confidently prioritize log sources for ingestion and enablement
- Evaluate current monitoring and detection capabilities to identify areas for improvement
- Conduct Detection Gap Analyses
- Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
- Detection Enablement
- Detection Effectiveness (Tuning, Validation, etc.)
- Detection Creation
- Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
- Ensure ingested log sources conform to CIM standards
Requirements
- 3–5 years of experience in cybersecurity, detection engineering, threat detection, or security operations
- Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
- Experience working and querying SIEM tools or other log-based data preferably Splunk
- Experience in engineering event detection & response tuning
- Ability to engineer creative, scalable, and out-of-the-box solutions
- Up to date with engineering best practices, security technology trends, tools, and frameworks
- Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
- Able to both investigate and create security rules in at least 1 SIEM
- Understanding of general enterprise network architecture and security incident response
- Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
- Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
- Ability to communicate and document technical information effectively towards various audiences.
Tech Stack
- Azure
- Cloud
- Cyber Security
- Firewalls
- Splunk
Benefits
- Medical, dental, vision, and disability insurance
- Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
- Unique professional development benefits with Annual “development dollars” to support our people growth and development
- Wellness contests and monthly educational programs
- 401(K) retirement program