Cybersecurity Detection Engineer

🏡 Remote – New York


Hunter Strategy

Get IT right.

Software Engineering • Information Security/Cyber Security • Enterprise Architecture • Cloud Engineering • Agile

51 - 200

Description

• Create high-fidelity, actionable alerts using new and existing data sources for quick and effective threat identification, analysis, and eradication
• Identify opportunities to improve the effectiveness of existing detection efforts
• Develop methodologies to maintain and maximize the integrity and effectiveness of existing alerting
• Create, periodically review, test, and validate custom detection content
• Leverage cybersecurity threat intelligence to defend against real-world threats
• Collaborate with the SOC’s incident response teams to meet operational needs
• Stay familiar with adversary Tactics, Techniques, and Procedures (TTPs)

Requirements

• At least one of the following certifications:
  • Splunk Enterprise Security Certified Admin credential
  • Passed AZ-500 Microsoft Azure Security Technologies exam
• Minimum 3 years of experience in detection engineering, threat hunting, security operations, or incident response using Splunk Enterprise Security or Microsoft Sentinel
• Experience with adding, updating, and deleting detection rules in Splunk Enterprise Security and Microsoft Sentinel
• Proficiency in detection engineering methodologies, including SNORT and YARA rules
• Proficiency in Python programming, Bash, and PowerShell
• Proficiency in Splunk’s Search Processing Language, React, Kusto Query Language, and the Common Information Model (CIM)
• Knowledge and experience in leveraging cybersecurity threat intelligence, indicators of compromise, STIX/TAXII data feeds, MITRE ATT&CK, and SIEM integrations
• Strong experience in networking principles, operating systems (Linux / Windows), and security tools such as IDS/IPS, firewalls, proxy servers, and Endpoint Detection and Response (EDR)
• Knowledge of the Windows Sysinternals Suite (including Sysmon), Unix auditd, and how to tune configuration files for identification of malicious activity
