Detection Engineer

PRIMARY RESPONSIBILITIES:

• Identify gaps in malicious activity detection capabilities
• Create new signatures / rules to improve detection of malicious activity
• Test and tune existing signatures / rules to ensure low rate of false positives
• Assist in playbook development for alert triage and Incident Response
• Define and implement alert and threat detection metrics, statistics, and analytics
• Recommend new tools/technologies to improve network visibility
• Support Incident Response and Forensic operations as required to include static/dynamic malware analysis and reverse engineering
• Author and maintain scripts for threat detection and automation

BASIC QUALIFICATIONS:

The Cyber Threat Detection Engineer SME shall have the following qualifications:

• In-depth knowledge of Firewalls/Proxies/Intrusion Detection Systems/ Domain Name Servers/DHCP/VPN and other network technologies and tools
• Experience updating, maintaining, and creating IDS variables within a complex enterprise network
• Expert in creating, modifying, tuning IDS signatures/SIEM Correlation Searches/yara rules and/or other detection signatures
• Familiarity with disk based forensic methodologies, Windows, and Linux forensic artifacts
• Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, Crowdstrike, etc
• Able to create, modify, update, and maintain Python and Powershell scripts that enhance endpoint detection capabilities
• In-depth knowledge of attacker tactics, techniques, and procedures
• Author, test, and maintain automation scripts within SOAR platform

BS degree in Science, Technology, Engineering, Math or related field and 8 years of prior relevant experience with a focus on cyber security or Masters with 6 years of prior relevant experience.

Should have 5 years of experience serving as a digital media analyst or as a computer forensic analyst.

Ability to work independently with minimal direction; self-starter/self-motivated