Principal Detection Engineer

Principal Detection Engineer

REMOTE

About the Role: 

As a Principal Detection Engineer, you will play an integral role in developing and advancing our threat detection capabilities. You will be responsible for spearheading the identification of emerging threats and pioneering innovative detection methods to secure our clients' digital environments. As a leader, mentor, and innovator on our Detection Engineering team, you will act as an internal and external point of contact for escalations. 

You will have the opportunity to work on cutting-edge technologies and collaborate with a team of talented security professionals to drive innovation in the field of cybersecurity. Your deep expertise and strategic insight will be instrumental in elevating our cybersecurity offerings, ensuring our customers remain protected against the most sophisticated threats in an increasingly complex digital landscape.

Responsibilities:

• Oversee and advise the deployment and tuning of security tools and technologies.
• Check and suggest improvements to code, give feedback, and approve work by the detection engineering team.
• Coach, mentor, and support junior detection engineers, ensuring timely and successful task completion and fostering an environment of continuous learning and improvement.
• Regularly assess team projects, providing appropriate support, guidance, or training.
• Build new alerting techniques and enhance existing alerts.
• Conduct in-depth research and analysis of emerging cyber threats, attack vectors, and vulnerabilities to proactively identify potential risks.
• Stay current with the latest threat landscape and integrate threat intelligence data into detection mechanisms.
• Collaborate with SOC management and analysts to improve alerting workflow.
• Improve efficacy of telemetry collection and threat detection rules. 
• Foster cross functional relationships with other department engineers to align goals and transfer knowledge.
• Help create documents, reports, technical advisories, and whitepapers for internal and external stakeholders.
• Participate in sprint demo/planning and other team or project meetings.

Technologies: 

• Expert SIEM / SOAR Knowledge: Be able to effectively use SIEM / SOAR platforms to build queries, alerts, actions, etc.
• Advanced Data Query Experience: Must be able to write and transform queries from one language to another
• Advanced Windows Experience: Logging / Log Analysis / Log Alerting 
• Intermediate Linux Experience: Must know how to operate on a Linux CLI
• Cloud Application Logs & Monitoring: Familiarity with AWS, Azure, GCP, and O365 is a plus
• Ticketing & Collaboration Tools: Efficiently utilize internal ticket queues and development management platforms (Atlassian JIRA/Confluence experience a plus)
• Programming: Experience with programming in Python is a plus

Knowledge and Skills: 

• Bachelor's degree in Computer Science, Engineering, related field, or equivalent work experience
• 7+ years of experience in threat detection 
• Certifications such as CISSP, CEH, OSCP, Security+, GIAC or equivalent are a plus.
• Expert knowledge of network protocols, operating systems and security technologies.
• Strong understanding of threat landscapes, threat intelligence, and threat hunting methodologies. 
• Experience with tools used for threat hunting and knowledge of various attack vectors
• Strong understanding of cyber threats, attack methodologies, and vulnerability assessment.
• Significant experience with Security Information and Event Management (SIEM) systems
• Excellent communication and collaboration skills, with the ability to work effectively in a team environment
• Analytical Thinking: Break down the fundamental components of a problem or situation, examine the relationship between them, verify all pertinent facts and draw an appropriate conclusion.
• Applied Technical Thinking: Able to apply specialized, theoretical knowledge to efficient operational uses.
• Multitasking: Able to multitask effectively and shift focus easily and rapidly from one task to another.