Threat Detection Engineer

Calling all innovators – find your future at Fiserv.

We’re Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants, and consumers to one another millions of times a day – quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we’re involved. If you want to make an impact on a global scale, come make a difference at Fiserv.

Job Title

Threat Detection Engineer

What does a successful Threat Detection Engineer do at Fiserv?

You will work towards ensuring our Cybersecurity Incident Response team can quickly respond to alerts associated with credible threats to the Fiserv environment by writing correlated detection rules for complex cybersecurity use cases and have a strong understanding in adversarial techniques, incorporation of intelligence data, and expert dashboard and report creation using Business Intelligence (custom or commercial) tools and Agile methodologies. You will be reporting to the Vice President Threat Detection and Response in this position.

What you will do:

• Research and develop adversarial techniques to develop behavioral detections with high fidelity and assist in testing developed detection content
• Manage and maintain the entire lifecycle of SIEM management (data selection, ingest, parsing, detection development) and SOAR (alert configuration/management, playbook/runbook development, automation) management
• Create standard metrics across different cybersecurity teams, as well as intelligence and operational dashboards using data science and BI tools
• Manage workflows using Agile methodology to properly scope and track progress on development initiatives
• Collaborate with Fiserv Threat Intelligence, Threat Hunters, Incident Responders, and Red Team members to evaluate and close gaps in detection coverage
• Stay current with threat intelligence, vulnerabilities, attacks, and countermeasures, dedicating time to threat research and enhancing our defensive posture

What you will need to have:

• 6+ years of Information Technology experience
• 2 years of SIEM/SOAR, and cybersecurity operations and development experience with core cybersecurity technologies (EDR/AV, IDS/NDR, UEBA, DLP, WAF, Proxy) and cloud technologies (AWS, Azure, GCP)
• 2+ years development experience for detection development using standard SIEM syntax (Splunk, SIGMA/YARA-L, ELK, SQL), MITRE ATT&CK framework, development coverage, and coverage metrics
• 1+ years scripting/development experience with Python, SQL, PowerShell, bash, Ruby, GO, Ruby, R, Rust, or similar tools
• 1+ year experience in areas of malware analysis/reversing, forensics, Incident Response, or Cyber Intelligence
• 1+ years’ experience in the creation and management of metrics and analytics using APIs, SQL, and Business Intelligence tools
• 1+ years’ experience in Agile methodologies and development tools like Azure DevOps, Jira, or Asana
• Bachelor’s degree in data science, Computer Science, Engineering, Mathematics or an equivalent combination of education, work, and/or military experience

What would be great to have:

• Certifications in Cloud technologies like AWS, Azure or GCP
• Other Industry certifications such as SANS GCIH, GSOC, GSOM, GCIA, GPEN, GMON, GCDA, GFACT
• Previous Fiserv experience in a similar role

This role is not eligible to be performed in Colorado, California, District of Columbia, Hawaii, Illinois, Maryland, New York, Nevada, Rhode Island or Washington.

Please note that salary ranges provided for this role on external job boards are salary estimates made by outside parties and may not be accurate.

Thank you for considering employment with Fiserv.  Please:

• Apply using your legal name
• Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

What you should know about us:

Fiserv is a global leader in payments and financial technology with more than 40,000 associates proudly serving clients in more than 100 countries. As one of Fortune® magazine's "World's Most Admired Companies™" 9 of the last 10 years, one of Fast Company’s Most Innovative Companies, and a top scorer on Bloomberg’s Gender-Equality Index, we are committed to innovation and excellence. 

Our commitment to Diversity and Inclusion:

Fiserv is an Equal Opportunity Employer, and we welcome and encourage diversity in our workforce that reflects our world. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by law. 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Warning about fake job posts:

Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information.

Any communications from a Fiserv representative will come from a legitimate business email address. We will not hire through text message, social media, or email alone, and any interviews will be conducted in person or through a secure video call. We won’t ask you for sensitive information nor will we ask you to pay anything during the hiring process. We also won’t send you a check to cash on Fiserv’s behalf.

If you see suspicious activity or believe that you have been the victim of a job posting scam, you should report it to your local FBI field office or to the FBI’s Internet Crime Complaint Center.