
Job Description

Overview:

We are seeking an experienced and proactive Detection Engineer to join our Security Operations and Threat Detection team. The ideal candidate will have a strong background in developing, implementing, and tuning high-fidelity threat detection content across various environments, including endpoints, cloud infrastructure, and identity platforms. You will play a critical role in enhancing our security posture by ensuring we can rapidly identify and respond to sophisticated threats targeting our organization.

Key Responsibilities:

- Detection Development : Design, develop, and implement high-fidelity threat detection rules and signatures within our Security Information and Event Management (SIEM) system and Endpoint Detection and Response (EDR) platforms.

- Code Implementation : Contribute to detection projects using scripting languages like Python or configuration languages like YAML (or other custom detection rule languages).

- Telemetry Expertise : Utilize deep knowledge of OS-specific telemetry, including Windows Security/Sysmon logs, Linux, and Mac logs, to create targeted and effective detections.

- Advanced Monitoring : Develop specific detection logic to monitor and analyze suspicious activities related to Windows PowerShell Monitoring.

- Cloud & Identity Threat Analysis : Analyze, model, and develop detections for attacks targeting Cloud logs, email platforms, OAuth mechanisms, and Identity-related systems.

- Tuning and Optimization : Continuously tune and optimize existing detections to minimize false positives, improve signal-to-noise ratio, and maintain detection efficacy across all monitored platforms.

- Threat Intelligence : Maintain strong threat landscape awareness and translate external and internal intelligence into actionable detection content.

- Behavioral Detections : Focus on the development of anomaly and behavior-based detections to identify threats that evade signature-based defenses.

- Validation : Participate in testing and validating detection rules against known attack techniques.

Required Qualifications:

- Experience : 3 or more years of professional experience working specifically as a Detection Developer or in a similar role focused on threat detection engineering.

- Development Skills : Proven experience contributing to detection-related projects using scripting (e.g., Python) or configuration languages (YAML or similar custom languages).

- Security Telemetry : Expertise in utilizing and analyzing security logs from various operating systems (Windows Security/Sysmon logs, Linux, Mac).

- PowerShell Monitoring : Specific experience developing detections targeting or monitoring Windows PowerShell activities.

- Security Domain Knowledge : Experience with threat analysis and detection development related to:
  - Cloud logs
  - Email and Collaboration platforms
  - OAuth and Identity-related attacks

- Platform Expertise : Strong practical experience with SIEM Detections and EDR detections/signatures.

- Threat Awareness : Demonstrated ability to understand the current threat landscape and develop anomaly/behavior-based detections.

Desired Qualifications (A Plus):

- Penetration Testing and Attack Tool Awareness : Knowledge and experience in analyzing output and techniques of penetration testing and other common attack tools are a definite plus.

- Professional Security Certifications : Professional certifications in Security and/or Cloud are highly desired (e.g., CISSP, GNFA, GCFA, GCFE, GREM, or equivalent).
