Principal Detection Engineer

Pondurance

πŸ“Remote - Worldwide

Job highlights

Summary

Join our team as a Principal Detection Engineer and play a key role in developing and enhancing our threat detection capabilities. You will lead the identification of emerging threats, create innovative detection methods, and mentor junior engineers. This remote position requires expertise in SIEM/SOAR platforms, data querying, and various operating systems. You will collaborate with cross-functional teams, conduct threat research, and improve alerting workflows. The ideal candidate possesses a strong understanding of cybersecurity threats and extensive experience in threat detection. This role offers the opportunity to work with cutting-edge technologies and contribute to a dynamic security team.

Requirements

  • Bachelor's degree in Computer Science, Engineering, related field, or equivalent work experience
  • 7+ years of experience in threat detection
  • Expert knowledge of network protocols, operating systems and security technologies
  • Strong understanding of threat landscapes, threat intelligence, and threat hunting methodologies
  • Experience with tools used for threat hunting and knowledge of various attack vectors
  • Strong understanding of cyber threats, attack methodologies, and vulnerability assessment
  • Significant experience with Security Information and Event Management (SIEM) systems
  • Excellent communication and collaboration skills, with the ability to work effectively in a team environment
  • Analytical Thinking: Break down the fundamental components of a problem or situation, examine the relationship between them, verify all pertinent facts and draw an appropriate conclusion
  • Applied Technical Thinking: Able to apply specialized, theoretical knowledge to efficient operational uses
  • Multitasking: Able to multitask effectively and shift focus easily and rapidly from one task to another
  • Expert SIEM / SOAR Knowledge: Able to use SIEM / SOAR platforms effectively to build queries, alerts, actions, etc.
  • Advanced Data Query Experience: Must be able to write and transform queries from one language to another
  • Advanced Windows Experience: Logging / Log Analysis / Log Alerting
  • Intermediate Linux Experience: Must know how to operate on a Linux CLI

Responsibilities

  • Oversee and advise the deployment and tuning of security tools and technologies
  • Check and suggest improvements to code, give feedback, and approve work by the detection engineering team
  • Coach, mentor, and support junior detection engineers, ensuring timely and successful task completion and fostering an environment of continuous learning and improvement
  • Regularly assess team projects, providing appropriate support, guidance, or training
  • Build new alerting techniques and enhance existing alerts
  • Conduct in-depth research and analysis of emerging cyber threats, attack vectors, and vulnerabilities to proactively identify potential risks
  • Stay current with the latest threat landscape and integrate threat intelligence data into detection mechanisms
  • Collaborate with SOC management and analysts to improve alerting workflow
  • Improve efficacy of telemetry collection and threat detection rules
  • Foster cross-functional relationships with engineers in other departments to align goals and transfer knowledge
  • Help create documents, reports, technical advisories, and whitepapers for internal and external stakeholders
  • Participate in sprint demo/planning and other team or project meetings

Preferred Qualifications

  • Certifications such as CISSP, CEH, OSCP, Security+, GIAC or equivalent are a plus
  • Cloud Application Logs & Monitoring: Familiarity with AWS, Azure, GCP, and O365 is a plus
  • Ticketing & Collaboration Tools: Efficiently utilize internal ticket queues and development management platforms (Atlassian JIRA/Confluence experience a plus)
  • Programming: Experience with programming in Python is a plus
