Remote Manager, Detection and Response Engineering

Summary

Join Expel as a Detection Engineering Lead to improve and maintain the detection and response strategy of their Workbench platform, grow a team of skilled detection engineers, and shape the security industry's approach to detection and response at scale.

Requirements

• Expertise in writing efficient and effective detections for EDRs, ideally at an MDR,a service provider, or as part of a security product’s research team
• Deep understanding of attacker behavior, mapping that behavior to MITRE ATT&CK, building coverage around that behavior, and measuring that coverage at scale
• Experience using response automation to improve detection efficacy
• Familiarity with a range of detection and response tools including but not limited to EDR, NSM, EUBA, SIEM, and cloud detection and response products
• Proficient in Python or Golang programming languages
• Understanding of various operating systems and cloud service platforms
• The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed
• Knowledge of attack surfaces and corresponding attacker tactics, techniques and procedures
• Comfortable with enterprise security architecture, detection, and response
• Ability to identify relevant data sources, normalize them across toolsets, and work with detection engines to drive effective correlation, automation and orchestration

Responsibilities

• Improve and maintain the detection and response strategy of Expel’s Workbench platform in order to meet the scale of our growing customer base
• Grow a team of skilled detection engineers with deep EDR detection writing experience
• Lead your team to grow a sustainable model for continuously adding content to Expel’s product
• Maintain and evolve a detection and response strategy that meets the needs of all of our customers, in terms of both coverage and efficiency
• Consistently develop and maintain a deep understanding of adversary behavior, tools, and techniques to drive forward new approaches to detection and response
• Continuously provide feedback and coaching to inspire a high-performing team of detection and response engineers
• Collaborate with sister teams, UX, product management, and senior leadership
• Shape how the security industry thinks about detection and response at scale by creating new and novel approaches for SOC analysts investigating and responding to alerts in a queue

Benefits

• Base salary range: $146,900 USD - $213,000 USD
• Bonus eligibility
• Equity
• Unlimited PTO
• Work location flexibility
• Up to 24 weeks of parental leave
• Excellent health benefits