Remote Senior Detection and Response Engineer

Summary

Join Expel as a Detection and Response (D&R) Engineer to architect, maintain, and improve the company's ability to detect and investigate threats using integrated technologies with limited direction.

Requirements

• 3+ years of experience with detection and response tools, particularly EDR, NSM, and SIEM
• 3+ years of experience writing, deploying and tuning custom detections based on research or investigative work against common data sets (Windows Event Logs, auditd, CloudTrail, and similar datasets.)
• Proficiency of Python, Go or other object oriented programming languages
• Strong understanding of Windows, macOS and Linux operating systems and command line tools
• Knowledge of networking basics, such as TCP/IP and OSI model
• Expert knowledge and observations of attack vectors, threat tactics, and attacker techniques
• Intermediate knowledge of cloud infrastructure platforms and their Identity and Access Management (IAM) models
• Cursory understanding of common Software-as-a-Service (SaaS) applications and available security signal
• Bachelor’s degree in Computer Science or Information Security strongly preferred

Responsibilities

• Architect, maintain and iteratively improve Expel's ability to detect and investigate threats using integrated technologies with limited direction
• Continuously improve Expel’s detection strategy and capability through creation of detections for Expel’s proprietary rule engine
• Maintain documentation in support of Expel’s detection and response content
• Improve SOC analyst efficiency by automating investigative workflows using an orchestration framework written in Python
• Collaborate with engineering on Expel’s integrations and engineering standards associated with each class of integration
• Evaluate technology APIs to design detection and response solutions to drive value and efficiency in Expel’s Workbench platform
• Contribute to and thrive in a culture of experimentation, agile, quality and continuous improvement among the team
• Take a leading role in the team’s research and monitoring of the latest threat landscape and subsequent detection and response automation development
• Communicate effectively with stakeholders on support requests surfaced to the D&R engineering team
• Mentor less experienced team members and SOC analysts
• Bridge the Engineering to effectively identify new platform features and tools to better enable the growth of our detection and response capabilities

Benefits

• Unlimited PTO
• Work location flexibility
• Up to 24 weeks of parental leave
• Really excellent health benefits