Senior Detection and Response Engineer

November 12


Expel

Transparent managed security • Resilience recommendations • Monitor 24x7 • Investigate and respond • Snark

Company size: 201 - 500 employees

Description

• Architect, maintain and iteratively improve Expel's ability to detect and investigate threats using integrated technologies, with limited direction.
• Continuously improve Expel's detection strategy and capability by creating detections for Expel's proprietary rule engine.
• Maintain documentation in support of Expel's detection and response content.
• Improve SOC analyst efficiency by automating investigative workflows using an orchestration framework written in Python.
• Collaborate with engineering on Expel's integrations and on the engineering standards associated with each class of integration.
• Evaluate technology APIs to design detection and response solutions that drive value and efficiency in Expel's Workbench platform.
• Contribute to and thrive in a team culture of experimentation, agile practice, quality and continuous improvement.
• Take a leading role in the team's research and monitoring of the latest threat landscape and the detection and response automation that follows from it.
• Communicate effectively with stakeholders on support requests surfaced to the D&R engineering team.
• Mentor less experienced team members and SOC analysts.
• Act as a bridge to Engineering to identify new platform features and tools that enable the growth of our detection and response capabilities.

Requirements

• 3+ years of experience with detection and response tools, particularly EDR, NSM and SIEM.
• 3+ years of experience writing, deploying and tuning custom detections based on research or investigative work against common data sets (Windows Event Logs, auditd, CloudTrail and similar).
• Proficiency in Python, Go or another object-oriented programming language.
• Strong understanding of the Windows, macOS and Linux operating systems and their command-line tools.
• Knowledge of networking basics, such as TCP/IP and the OSI model.
• Expert knowledge of, and first-hand observation of, attack vectors, threat tactics and attacker techniques.
• Intermediate knowledge of cloud infrastructure platforms and their Identity and Access Management (IAM) models.
• Cursory understanding of common Software-as-a-Service (SaaS) applications and the security signal they make available.
• Bachelor's degree in Computer Science or Information Security strongly preferred.
• 5+ years of professional experience in information technology or security operations is ideal but not required.
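To make the "custom detections against common data sets" requirement concrete, here is an added example of the kind of rule logic the role calls for, run over CloudTrail-shaped records. It is illustrative code written for this page, not Expel's rule engine or any of its detection content; the sample events are constructed, the rule names and the Alert structure are assumptions, and only standard CloudTrail field names (userIdentity, eventName, additionalEventData.MFAUsed, requestParameters.userName) are taken from the real log format.

```python
"""Three small CloudTrail detection rules run over constructed sample events.

Added example for this page; not Expel's code. Rule names, severities and the
Alert dataclass are assumptions. Field paths follow the CloudTrail record format.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Constructed sample events (not real telemetry). Only the fields the rules
# inspect are populated; real records carry many more.
SAMPLE_EVENTS = [
    {"eventID": "1", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "198.51.100.7"},
    {"eventID": "2", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}, "sourceIPAddress": "203.0.113.5"},
    {"eventID": "3", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "bob"}, "sourceIPAddress": "203.0.113.5"},
    {"eventID": "4", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {}, "sourceIPAddress": "203.0.113.5"},
    {"eventID": "5", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "192.0.2.9"},
]


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    event_id: str
    summary: str


def _get(event: dict, *path: str, default=None):
    """Walk nested keys safely: CloudTrail omits optional fields rather than nulling them."""
    cur = event
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def root_account_used(event: dict) -> Optional[Alert]:
    """Any interactive use of the root identity. Actions AWS services perform on
    root's behalf carry userIdentity.invokedBy and are excluded."""
    if _get(event, "userIdentity", "type") == "Root" and not _get(event, "userIdentity", "invokedBy"):
        return Alert("root_account_used", "high", event["eventID"],
                     f"{event['eventName']} by root from {event.get('sourceIPAddress')}")
    return None


def console_login_without_mfa(event: dict) -> Optional[Alert]:
    """Successful console login where MFAUsed is anything other than 'Yes'.
    Failed logins are skipped here; they belong to a separate brute-force rule."""
    if (event.get("eventName") == "ConsoleLogin"
            and _get(event, "responseElements", "ConsoleLogin") == "Success"
            and _get(event, "additionalEventData", "MFAUsed") != "Yes"):
        who = _get(event, "userIdentity", "arn", default="unknown")
        return Alert("console_login_without_mfa", "medium", event["eventID"],
                     f"{who} logged in without MFA")
    return None


def access_key_created_for_other_user(event: dict) -> Optional[Alert]:
    """CreateAccessKey where the target user differs from the caller.
    requestParameters.userName is omitted when a user keys themselves, so it
    defaults to the caller; that is the edge case a naive rule gets wrong."""
    if event.get("eventName") != "CreateAccessKey":
        return None
    caller = _get(event, "userIdentity", "userName")
    target = _get(event, "requestParameters", "userName", default=caller)
    if target != caller:
        return Alert("access_key_created_for_other_user", "high", event["eventID"],
                     f"{caller} created an access key for {target}")
    return None


RULES: List[Callable[[dict], Optional[Alert]]] = [
    root_account_used, console_login_without_mfa, access_key_created_for_other_user]


def run_rules(events: Iterable[dict], rules=RULES) -> List[Alert]:
    """Apply every rule to every event; one event may raise several alerts."""
    return [alert for event in events for rule in rules if (alert := rule(event))]


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed events, the root login raises two alerts (root use and no MFA), the key created for bob raises one, and the self-issued key and the failed login raise none. Tuning in practice means deciding which of those overlapping alerts to suppress or merge, and adding the allow-lists (break-glass root procedures, provisioning automation that legitimately keys other users) that the raw rules lack.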

Benefits

• Unlimited PTO (which we model and encourage)
• Work location flexibility
• Up to 24 weeks of parental leave
• Really excellent health benefits
