Detection Engineer
Red Canary (closed)
$95k-$118k
Remote - Worldwide
Job highlights
Summary
The job is for a Cyber Incident Response Team (CIRT) member at Red Canary who will analyze EDR telemetry, publish threats to customers, develop detectors, improve workflow through orchestration & automation, provide mentorship, and collaborate effectively. The role requires analysis experience, proven automation skills, strong written communication, analytical thought-process, open-source intelligence research skills, familiarity with various frameworks and tools, and experience creating detectors/rules.
Requirements
- Analysis experience and proficiency in one or more of the following functional areas: Endpoint (MDR), Cloud/SaaS, Identity, Email, SIEM
- Proven experience with automation and orchestration to effectively handle an extreme volume of telemetry and logs in a timely and efficient manner
- Strong written communication skills and the ability to work in a team-centric environment
- Strong analytical thought-process and critical thinking skills to translate disparate activity into the realm of threat analysis
- Open-source intelligence research skills used in a fast-paced operational environment, and the ability to apply those findings within the analytical workflow to identify threats
- Experience leveraging Mitre ATT&CK framework, and familiarity with other alternative attack frameworks and threat models
- Familiarity with backend data structures used for security analysis (JSON, YAML, etc.)
- Experience using query languages and understanding syntax across EDR or other security platforms (SQL, K, Lucene, etc.)
- Experience creating and tuning detectors/rules using commonly known tools such as YARA, SIGMA, Snort, Splunk, Elastic, etc.
Responsibilities
- Use Red Canary's detection platform to analyze EDR telemetry, alerts, and log sources across several detection domains (Endpoint, Identity, SIEM, Cloud/SaaS, etc.)
- Publish threats for customers using concisely written communication while effectively conveying key and important indicators
- Detector Development: Research coverage opportunities then create new detectors, and tune existing ones
- Improve the CIRT workflow through orchestration & automation
- Provide mentorship to your peers and communicate effectively with others for efficient cross-team collaboration
Preferred Qualifications
- You enjoy impacting the Infosec community through writing blogs, participating in webinars, and presenting at conference talks
- Experience using version control software for the deployment of detectors, rules, or other automations (GitHub, CircleCI, etc.)
- Previous Red Team experience
Benefits
- 100% Paid Premiums: Red Canary offers a 100% paid plan option for medical, dental and vision for you and your dependents. No waiting period
- Health & Wellness - Access to mental health services, Employee Assistance Program and additional programs to incentivize healthy habits
- Fertility Benefits: All new hires are eligible for benefits as of their first day
- Flexible Time Off: Take the time you need to recharge including vacation, sick, bereavement, jury duty, and holidays
- Paid Parental Leave - Full base pay to bond with/care for your new child
- Pre-Tax Plans - Red Canary offers a variety of plans to fit you and your dependents' specific needs, including FSA, HRA and HSA, with employer funding to offset out-of-pocket health care expenses
- Flexible Work Environment - With a 60% remote workforce, Canaries can work virtually from almost anywhere in the US