
Job Description

Description :

You'll be working as a detection developer on our Integration, Detection, and Response Team, responsible for ensuring the quality and scale of our detection base and presenting actionable detections to our Security Services teams and customers.

Responsibilities :

- Developing and maintaining high-quality custom detection rules (Suricata/Snort/IDS/IPS).

- Research and develop expertise for various threat surfaces and the telemetry available for them.

- Conducting code reviews and providing constructive feedback to ensure code quality and maintainability.

- Debugging and fixing issues in existing detection/signature codebases.

- Participate in the full software development life cycle, building well-designed, testable, efficient, secure code.

- Work with team members to develop novel detections and continuously tune existing ones.

- Understand the product and how Security Services delivers the service.

- Propose coverage and efficacy improvements to the detection surface.

- Build well-designed, testable, efficient, and durable detections.

- Build runbooks, reports, and supporting material for the detection surface.

- Document research findings and knowledge, share with the team and other departments.

- Troubleshoot, educate, and share information with non-technical people.

- Continuously learning and adopting best practices for code quality, software development methodologies, and programming principles to enhance coding skills and stay updated with industry advancements.

Requirements :

- 4+ years of detection authoring experience with a focus on the following key areas:

- NDR/IPS/IDS detections/signatures

- Development of anomaly and behaviour-based detections

- Tuning and optimization of detections

- Detailed knowledge of the inner workings of networking, protocols (TCP/IP, DNS, HTTP), protocol analysers, Suricata/Snort rules, and other network-related threat management domain topics, e.g. LDAP, NTLM, etc.

- Ability and experience to research and develop security detections related to network threat vectors.

- Experience using MITRE ATT&CK, PCAP analysis, and threat intelligence feeds.

- Experience with 3rd-party firewalls, IDS/IPS, and network edge devices, their capabilities, and configuration is a bonus, but a minimal understanding of their use and vulnerabilities is expected.

- We use and train a variety of technologies in MDR. You should have a strong understanding of networking, protocols, and cybersecurity. As a detection developer, you bring a strong knowledge base that you use to help the team solve complex technical and security problems.

- Helpful to have experience in the following areas :

- SIEM detections

- EDR detections/signatures

- Sigma and Yara rules

- Cloud security detections

- Experience in at least two of the following development languages and methodologies: Python, Go, Java, or C/C++

- Test Driven Development

- Full understanding and use of DevOps methods/tooling

- Full understanding/application of secure development practices

- Cloud development: AWS, Azure, and GCP using Kubernetes/containers, IaaS, and key PaaS services; Agile (Scrum/Kanban).

- Experience in the following security tooling is a plus :

- NGFW (PAN, CISCO, Fortinet, etc.)

- Open source IPS/IDS/NSM (e.g. Bro/Zeek/Suricata)