Senior Detection Engineer
REMOTE, US
About the Role:
When it comes to data, do you Excel? Are you fluent in data queries, no matter the language? Can you play nice with both humans and machines? Then you’re in luck! We’re looking for a talented Sr. Detection Engineer who wakes up ready to seize the data (see what we did there?!).
As a Sr. Detection Engineer, you will play a crucial role in developing and enhancing our threat detection capabilities. You will be responsible for identifying emerging threats, analyzing attack techniques, and devising effective detection methods to secure our clients' digital environments. Also acting as a point of contact for other teams or stakeholders requiring support on detection-related issues and customer issue escalations, as well as an escalation point for other Detection Engineers. Your expertise will contribute to the ongoing improvement of our cybersecurity products and services, ensuring our customers' peace of mind in an ever-evolving threat landscape.
Responsibilities:
- Oversee/advise in the deployment and tuning of security tools and technologies.
- Regularly assess the readiness and capabilities of team projects and tasks, providing appropriate support, guidance, or training as needed.
- Build new alerting techniques from an ever growing list of data sources, as well as improve existing alerts.
- Conduct in-depth research and analysis of emerging cyber threats, attack vectors, and vulnerabilities to proactively identify potential risks.
- Stay current with the latest threat landscape and integrate threat intelligence data into detection mechanisms.
- Coach and mentor junior detection engineers, provide oversight to junior team members to ensure timely and successful task completion, fostering an environment of continuous learning and improvement.
- Work closely with SOC management and analysts to improve alerting workflow.
- Improve efficacy of telemetry collection and threat detection rules.
- Foster cross functional relationships (kumbaya) with other department engineers to align goals and transfer knowledge.
- Contribute to the creation of documents, reports, technical advisories, and whitepapers for internal and external stakeholders.
- Participate in sprint demo/planning and other team or project meetings.
Technologies:
- Advanced Data Query Experience: Must be able to write and transform queries from one language to another (example - take a query that was written for Splunk and convert it to another SIEM’s syntax to find the same results)
- Intermediate Linux Experience: Must know how to operate on a Linux CLI
- Intermediate Windows Experience: Logging / Log Analysis / Log Alerting
- Intermediate SIEM / SOAR Knowledge: Be able to effectively use SIEM / SOAR platforms to build queries, alerts, actions, etc. (This is user level knowledge, not admin / configuration level knowledge)
- Cloud application logs/monitoring: Familiarity with the big 3 (AWS, Azure, GCP) and O365 is a plus
- Ticketing/development/collaboration tools: Be able to work within internal ticket queues and development management platforms (Atlassian JIRA/Confluence experience a plus)
- Experience with programming in Python is a plus
Knowledge and Skills:
- 5+ years experience in threat detection
- Experience with tools used for threat hunting and knowledge of various attack vectors is necessary.
- The candidate should have a strong understanding of threat landscapes, threat intelligence, and threat hunting methodologies.
- Strong understanding of cyber threats, attack methodologies, and vulnerability assessment.
- Strong understanding of network protocols, operating systems and security technologies.
- Relevant certifications such as CISSP, CEH, OSCP, Security+, GIAC, CTIA or equivalent are a plus.
- Excellent communication skills, both verbal and written.
- Ability to work efficiently both independently and as part of a team.
- Analytical Thinking: Break down the fundamental components of a problem or situation, examine the relationship between them, verify all pertinent facts and draw an appropriate conclusion.
- Applied Technical Thinking: Able to apply specialized, theoretical knowledge to efficient operational uses.
- Multitasking: Able to multitask effectively and shift focus easily and rapidly from one task to another.
If you have other combinations of relevant skills and experience that you expect make you the right candidate for this role, please let us know!
Who we are:
At Pondurance we embrace, educate, and protect people by helping make our world a better and safer place. We believe in inviting good people into our company who are driven to become great!
Every person at Pondurance is encouraged to focus and grow in their individual areas of interest, passion, and career path. We have accessible leaders as Mentors who believe “None of us are as smart as all of us” (R. Pelletier).
We believe everyone has the freedom to be themselves, especially at work and so we embrace, support, and celebrate each other. Each one of us influences our company’s direction through speaking up, you have a voice and we want you to use it.
Do you want to be a part of something different? Do you want to influence real change? Do you want to be part of the solution? Then join us in redefining the security and cyber risk landscape.
What We Offer:
The opportunity to apply your expertise, take on new challenges, and help customers address their biggest security objectives.
An inclusive culture of teamwork that embraces the diversity of our people and communities in which we work.
Some of the corporate benefits (there are more) for full-time employees include:
- Medical, dental, vision, disability, FSA, HSA, life and AD&D insurance, 401(k) Plan.
- Time off: PTO, sick, holiday, & parental leave details are available
- Money: We provide competitive compensation packages based on the market and your overall credentials.
Although this is a remote role, if you live close by, you’ll have access to our office locations: McLean, VA or Indianapolis, IN.
To promote a healthy and safe work community we require background and drug screenings as part of our hiring process. Details of our process will be provided upon request.
We are an equal opportunity employer focused on celebrating diversity and inclusion. We believe that each individual should be treated equally without regard to race, color, identity, national origin, protected veteran status, religion, sex including sexual orientation and gender identity, disability, or any other characteristic protected by law.
What We Do
Pondurance delivers world-class Managed Detection & Response (MDR), Incident Response (IR), Vulnerability Management, and Advisory Services to industries facing today’s most pressing and dynamic cybersecurity challenges. Our U.S. based Security Operations Center (SOC) offers personal, proactive, and around-the-clock cybersecurity to protect the human experience. We take a risk-based approach to cybersecurity; so you know you are protecting your most valuable assets and reducing your cyber risk.
Our mission is to ensure that every organization is able to detect and respond to cyber threats – regardless of size, industry or current in-house capabilities. We believe AI and automation alone aren’t enough, you need ingenious human experience because attackers aren’t machines, they are people. We combine our advanced platform with decades of human intelligence to speed detection and response and contain cybersecurity threats quickly to ultimately decrease risk to your mission.
Why Work With Us
At Pondurance we embrace, educate, and protect people by helping make our world a better and safer place. We believe in inviting good people into our company who are driven to become great! Every person at Pondurance is encouraged to focus and grow in their individual areas of interest, passion, and career path.