Security Detection Engineer

Summary

Join Thrive, a rapidly growing technology solutions provider, as a Security Detection Engineer to spearhead the advancement of our cybersecurity detection program.

Requirements

• Bachelor’s degree in computer science, Information Technology, or a related field
• Relevant certifications (e.g., Security+, CySA+, Network+)
• 3-5 years of experience in cybersecurity or a related field
• Firm understanding of attacker tactics, techniques, procedures and means of detection
• Solid understanding of the MITRE ATT&CK and Cyber Kill Chain frameworks
• Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Stay up to date with engineering best practices, security technology trends, tools, and frameworks
• Experience with scripting languages (e.g., Python, PowerShell)
• Knowledge of cloud security platforms (e.g., Azure, AWS, GCP)
• Must be able to work effectively in a team environment and collaborate within the team and other stakeholders
• Familiarity with common security technologies, such as firewalls, intrusion detection/prevention systems, and antivirus software
• Basic understanding of networking concepts and protocols (TCP/IP, DNS, HTTP)
• Strong problem-solving and analytical skills
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Ability to communicate security information to non-technical people
• Demonstrates comprehension of good security practice
• Knowledge of risk assessment tools, technologies and methods

Responsibilities

• Responsible for the development and continuous improvement of Thrive’s cybersecurity detection program
• Drive continuous development of all new alerting rules, hunts, queries, and reports
• Develop, implement, document, and maintain SIEM & Detection tooling, standard operating procedures, attack signatures and test scripts
• Implementation and management of API security measures, ensuring secure data transmission and compliance with industry-standard API security protocols
• Analyze attacker TTPs and build countermeasures to detect and/or stop them using endpoint telemetry
• Work with security analysts and engineers to develop security controls based on threat model and gap
• Provide guidance and support to the SOC team in enhancing threat detection capabilities
• Design and manage Thrive’s gap analysis and threat modeling processes
• Management of the Security Lab and responsible for testing new and existing TTP’s and attacks
• Research threats, malware and novel behavioral techniques and then apply that research to build or tune detection rules and analytics
• Develop and manage KPIs to measure and enhance the effectiveness of our threat detection strategies