Senior Security Threat Detection Engineer Consultant

• Ideate, design, develop, test, monitor, and tune high-quality detections to ensure security analysts have the ability to respond to security threats
• Write complete and well-documented alerting and detection strategies to ensure the security analysts and incident responders have the necessary context and runbooks to respond to detections
• Build, maintain, and improve custom detection and alerting solutions, or work with existing commercial tools to ensure they are tuned properly to meet detection coverage needs
• Act as a subject matter expert for security-relevant logs and data to assist Incident Response team during high-priority investigations
• Collaborate with Threat Intelligence team to ensure detections have a meaningful impact on improving security posture

• 1 – 3 years experience with hands-on experience with full-lifecycle detection engineering in support of a security operations team
• Experience as a Security Operations Analyst or Incident Responder
• Comfortability operating in Splunk or other common SIEM and SOAR solutions
• Technical depth in one or more of the following specialties: application security, cloud security, digital forensics, malware analysis, threat hunting, incident response or some combination thereof
• Familiarity with SQL, relational databases, and data warehousing
• Basic Python (or other scripting language) experience in order to automate tasks within case management and CI/CD environment
• Experience with defining, collecting, and analyzing various metrics that exhibit the purpose and success of a maturing Detection Engineering program (i.e. MITRE ATT&CK coverage)
• Demonstrated knowledge of threat actor techniques, vulnerabilities, and exploits, and how those present themselves within logs and various endpoint/network artifacts
• Excellent communication and collaboration skills
• Ability to work with a high degree of autonomy
• Excellent analytical skills
• Collaborative team worker – both in person and virtually using WebEx or similar
• Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel, and PowerPoint
• Ability to work as liaison between business and information security / information technology
• Flexibility to accommodate working across different time zones
• Excellent interpersonal communication skills with strong spoken and written English
• Business outcomes mindset
• Solid balance of strategic thinking with detail orientation
• Self-starter, ability to take initiative
• Project management and organizational skills with attention to detail

• Relevant industry certifications
• Experience working with and creating detections as Sigma rules
• Formal software engineering, DevOps, or data science experience from prior jobs, trainings, or academia
• Hands-on experience building tools and solutions within a public cloud environment, preferably AWS
• Splunk engineering/administration experience
• Experience with PCI-DSS, FedRAMP, and other compliance frameworks and their associated logging and detection requirements

• Bachelor's degree (BA/BS) from four-year college or university; or equivalent training, education, and work experience
• Cybersecurity certifications such as CISSP, CISM, etc.

Hybrid Pathways