Detection Engineer
Tanium
Job highlights
Summary
Join Tanium as a Detection Engineer and contribute to the development and improvement of our internal cybersecurity detection program. Collaborate with various teams to enhance threat models and detection mechanisms, ensuring comprehensive coverage and quality. This role requires a balance of strategic thinking and hands-on execution, prioritizing and closing detection gaps. You will create and enhance detection mechanisms, ensuring alerts are properly transitioned to the security operations team. This remote position offers flexible working hours, with occasional work outside of normal business hours for incident response. The role involves continuous improvement efforts and collaboration with multiple teams to strengthen our security posture.
Requirements
- In accordance with Department of Defense requirements, applicants for this role must be a U.S. citizen, national, or resident pursuant to 8 U.S.C. 1101(a)(20) and 8 U.S.C. 1324b(a)(3)
- 2+ years working in a Security Operations or equivalent role
- 2+ years responding to threats in cloud environments (Azure and AWS preferred)
- Working knowledge of common frameworks (MITRE ATT&CK)
- Ability to use data to derive meaningful metrics to drive prioritization
- Firm understanding of attacker tactics, techniques, and procedures (TTPs) and how to detect them
- Ability to synthesize risks and derive detection countermeasures
- Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)
- Familiarity with IDS/IPS and with endpoint antivirus and EDR products
Responsibilities
- Drive a comprehensive security detection strategy applied consistently across the organization
- Develop comprehensive reports and metrics on the efficacy and long-term tracking of detection coverage
- Drive continuous development and tuning of detection measures
- Partner with security teams and business units to identify log visibility and detection-related gaps
- Lead continuous improvement efforts to evaluate detection capabilities & related tooling efficiency
- Build innovative ways to detect potential threats within on-premises and cloud environments
- Collaborate with operations personnel to prioritize and close detection gaps
- Work with security architects and engineers to develop detective compensating controls based on threat models
- Drive standardized, repeatable processes and procedures for responding to threats within security operations
- Participate in the development and execution of threat hunting exercises
- Develop, implement, document and maintain SIEM & Detection engineering tooling management controls, standard operating procedures, narratives and test scripts
- Plan, run, and participate in tabletop exercises
- Collaborate with engineering teams to develop automation to improve the efficiency of security operations
- Provide incident response support
- Leverage threat intelligence reporting to develop new detection capabilities
- Analyze malware and exploit techniques in a lab environment
Preferred Qualifications
- Malware analysis experience
- Working knowledge of Python or other scripting languages
Benefits
- This position is available for remote workers with flexible working hours
- Medical, dental and vision plan
- Family planning benefits
- Health savings account
- Flexible spending account
- Transportation savings account
- 401(k) retirement savings plan with company match
- Life, accident and disability coverage
- Business travel accident insurance
- Employee assistance programs
- Disability insurance
- Other well-being benefits
- Equity awards
- 5 days set aside as volunteer time off (VTO)