Security Detection Engineer

3 days ago


Thrive

Managed IT Services • Complete Outsourced IT Services • Hosted Cloud Services • Help Desk Support • Onsite Engineering

201 - 500

Description

• Looking for a Security Detection Engineer to advance Thrive's cybersecurity detection program.
• Responsible for the development and continuous improvement of Thrive's cybersecurity detection program.
• Drive continuous development of all new alerting rules, hunts, queries, and reports.
• Develop, implement, document, and maintain SIEM and detection tooling, standard operating procedures, attack signatures, and test scripts.
• Implement and manage API security measures, ensuring secure data transmission and compliance with industry-standard API security protocols.
• Analyze attacker TTPs and build countermeasures to detect and/or stop them using endpoint telemetry.
• Work with security analysts and engineers to develop security controls based on threat modeling and gap analysis.
• Provide guidance and support to the SOC team in enhancing threat detection capabilities.
• Design and manage Thrive's gap analysis and threat modeling processes.
• Manage the Security Lab and be responsible for testing new and existing TTPs and attacks.
• Research threats, malware, and novel behavioral techniques, then apply that research to build or tune detection rules and analytics.
• Develop and manage KPIs to measure and enhance the effectiveness of our threat detection strategies.
• Other duties as required.

Requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field
• Relevant certifications (e.g., Security+, CySA+, Network+)
• 3-5 years of experience in cybersecurity or a related field
• Firm understanding of attacker tactics, techniques, and procedures and the means of detecting them
• Solid understanding of the MITRE ATT&CK and Cyber Kill Chain frameworks
• Understanding of common enterprise technologies and their logging capabilities, including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateways
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Stay up to date with engineering best practices, security technology trends, tools, and frameworks
• Experience with scripting languages (e.g., Python, PowerShell)
• Knowledge of cloud security platforms (e.g., Azure, AWS, GCP)
• Must be able to work effectively in a team environment and collaborate within the team and with other stakeholders
• Familiarity with common security technologies, such as firewalls, intrusion detection/prevention systems, and antivirus software
• Basic understanding of networking concepts and protocols (TCP/IP, DNS, HTTP)
• Strong problem-solving and analytical skills
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Ability to communicate security information to non-technical people
• Demonstrates comprehension of good security practice
• Knowledge of risk assessment tools, technologies, and methods
