Senior XSIAM Detection Engineer (3rd shift)

Who We Are

Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber threats. We’re a cyber security company who protects, supports and empowers organizations to make better security decisions so they can focus on their mission without fear of cyber threats.

The combination of our market-defining technology and expertise prevents breaches every day and sets a new standard for partnership in the industry. We’re united in our commitment to customers and grounded in our values, which earned us a place on the Forbes Best Start-up Employers 2022 list. If our mission resonates with you, let’s talk.

What We Believe In

- Do what’s right for the customer

- Be kind and authentic

- Deliver great quality

- Be relentless

Challenges You Will Solve

The security landscape is always shifting and introducing new adversaries. The Red Canary XSIAM Detection Engineering & Response team operates 24/7 to track down threats in source signal data and deliver fast and actionable detections to our customers.

The XSIAM Detection Engineer is an expert in configuring and managing a Security Information and Event Management (SIEM) system for large customers. They are responsible for creating alarms and dashboards related to relevant security data/threats/events. In addition, they can automate playbooks to alarms and enrich data from outside sources. They are competent in working with all aspects of managing security controls and products.

This is not a role where you are encouraged to passively accept the current state. At Red Canary, you are empowered to actively look for opportunities to automate repetitive and tedious tasks. We let the automation playbooks handle the mundane tasks, so that you can remain focused on solving complex and critical problems for our customers.

It is expected at the Senior XSIAM Detection Engineer level, that you already have the skills necessary to immediately contribute to the operational and project needs of the XSIAM Detection Engineering & Response team. This is accomplished by performing analysis of customer alerts, improving customers overall defense posture, implementing parsers and playbooks that streamline customer security operations, and much more.

What You'll Do

• Use Palo Alto’s XSIAM platform, source signal data, and external resources to uncover threats and tell the story of what occurred in a customer environment.
• Develop advanced playbooks to reduce alert fatigue and maximize customer investment.
• Build new detection capabilities into the XSIAM platform based on your research of new attack techniques.
• Leverage previous security operations experience to enhance the XSIAM Detection Engineering & Response teams knowledge-base and expertise.
• Initiate and undertake tasks of writing XQL logic in the XSIAM platform to improve operational workflows.
• Actively engage with customer support teams to solve customer problems by fostering collaboration and gathering feedback on specific security concerns.
• Help lead projects to improve collaboration between the customer and the XSIAM Detection Engineering & Response team.

What You'll Bring

• 3+ years experience in Information Security SIEM administration, parser development, cybersecurity content development, creating queries, alerting, and log analysis (or similar analysis role).
• 3+ years experience in scripting/process automation. 
• 3+ years experience operating and supporting a large enterprise environment.
• Experience with security configuration of operating systems, network devices, etc. 
• Demonstrated expertise with at least one programming/scripting language.
• Demonstrated experience with securing all aspects of an enterprise.
• Demonstrated expertise in understanding networking technologies and protocols.
• Demonstrated systems administration experience with Windows and Linux/UNIX-based operating systems.
• Participated in an on-call schedule responsible for responding to high-priority issues.
• Must have a passion for technology and stay current with emerging security trends.
• Excellent verbal & written communication and presentation skills. 
• Experience with new technology evaluations, software package selection, and buy vs. build analysis.
• Advanced scripting – Python, Go, Javascript.

Additional skills that will set you apart from other candidates:

• Experience with Palo Alto XSIAM (or next-gen SIEM).
• Experience with AWS, Azure, GCP logging, and cloud technologies in general.
• Experience with EDR and IAM technologies.
• Familiarity with standard log formats from different systems: Windows/Linux/Cloud, etc. 
• API integration/automation experience.
• Experience with process automation / at least one primary SOAR tool.
• Experience working in a global organization.

Targeted base salary range: $115, 360 - $137,000. This role is eligible for participation in the company's bonus program. This role is also eligible for a grant of stock options, subject to the approval of the company's board of directors.

**this position will be supporting a 10am to 6pm MT shift, Monday - Friday.

Benefit Highlights:

- 100% Paid Premiums: Red Canary offers a 100% paid plan option for medical, dental and vision for you and your dependents. No waiting period.

- Health & Wellness - Access to mental health services, Employee Assistance Program and additional programs to incentivize healthy habits.

- Fertility Benefits: All new hires are eligible for benefits as of their first day.

- Flexible Time Off: Take the time you need to recharge including vacation, sick, bereavement, jury duty, and holidays. 

- Paid Parental Leave- Full base pay to bond/care for your new child.

- Pre-Tax Plans - Red Canary offers a variety of plans to fit you and your dependent specific needs including FSA, HRA and HSA, with employer funding to offset out of pocket health care expenses. 

- Flexible Work Environment- With 60% remote workforce, Canaries can work virtually from almost anywhere in the US.

The application deadline is January 31, 2025.

Why Red Canary?

Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way. 

At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary:

https://resource.redcanary.com/rs/003-YRU-314/images/RedCanary_2025BenefitsSummary.pdf?version=0

Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.