Senior Detection Engineer

NBCUniversal
Summary
Join NBCUniversal as a Sr. Detection Engineer and lead the enhancement of our security posture. You will design, develop, and implement advanced security monitoring and detection capabilities, mentor junior engineers, and investigate sophisticated threats. This role demands in-depth expertise in threat identification and analysis, a strong understanding of the evolving threat landscape, and excellent communication skills. You will collaborate with other security teams and contribute to the improvement of security processes and procedures. The position offers a competitive salary and a comprehensive benefits package.
Requirements
- 7+ years of hands-on cybersecurity experience in detection engineering, threat hunting, incident response, digital forensics, cyber intelligence, or related fields
- 2+ years of detection engineering experience
- Experience in network and host-based analysis and investigation. Excellent understanding of operating systems and investigation of threat actor techniques in Windows, Linux, and macOS
- Expertise in Splunk Search Processing Language (SPL), SQL, LogScale, and Endpoint Detection and Response (EDR) tools or other SIEM technologies and query languages
- Understanding of complex enterprise networks to include endpoint, network, email, identity management, and administration systems
- Deep understanding of network and host-based security concepts, including protocols (HTTP, DNS, SMB), operating systems (Windows, Linux, macOS), authentication protocols, and security tools (SIEM, EDR, SOAR)
- Excellent analytical and problem-solving skills, detail-oriented, and able to communicate process and findings verbally and through reports
- General understanding of various cloud technologies and the security implications behind them
- Experience crafting logic that detects threats in user, network, host, or cloud activity in a high-fidelity manner
- Hands-on technical expertise in building scripts, tools, or methodologies that enhance threat detection and incident response capabilities (preferably in SPL and Python)
- Knowledge of industry-recognized security and analysis frameworks (MITRE ATT&CK, Kill Chain, NIST Incident Response, etc.)
- Must be self-motivated and able to work both independently and as part of a team
- Willingness to provide support during nontraditional working hours in an on-call fashion
Responsibilities
- Lead the design, development, and implementation of advanced security monitoring and detection capabilities
- Mentor and guide junior Detection Engineers
- Analyze security logs from various sources, including firewalls, intrusion detection systems (IDS/IPS), endpoint detection and response (EDR) systems, applications, and cloud provider platforms
- Develop and maintain high-fidelity security monitoring rules and alerts using consistent and repeatable processes
- Develop, optimize, and facilitate the use of repeatable templates, documentation requirements, and procedures
- Develop, maintain, and improve an alert lifecycle, and periodically review alerts for relevancy, efficacy, and potential for improvement
- Lead multi-team meetings to capture feedback, share information, refine alerts, and facilitate a collaborative working environment
- Be knowledgeable and share information about detection engineering best practices for skills, technology, and processes
- Investigate threat intelligence and security incident data to create and refine detection logic
- Stay on top of industry news and investigate and prioritize detections as part of a threat-informed defense
- Stay current on emerging threats, vulnerabilities, and attack techniques
- Participate in security incident response activities as needed
- Collaborate effectively with other security teams, including incident response, threat intelligence, vulnerability management, and application security
- Develop relationships to cultivate internal and external intelligence and emulate threat activity to support detection creation and test detection efficacy
- Analyze and prioritize detection coverage relative to existing industry standard frameworks (e.g., MITRE ATT&CK)
- Enhance team capabilities through ongoing research, automation (scripting, etc.), and the development of new tools and methodologies to improve threat detection and incident response capabilities
- Develop and lead special projects, such as evaluating new security tools and technologies, developing proof-of-concept solutions, and building tools/capabilities to solve specific security challenges
Preferred Qualifications
- Hands-on technical expertise in building scripts, tools, or methodologies that enhance threat detection and incident response capabilities (preferably in SPL and Python)
Benefits
- Medical, dental and vision insurance
- 401(k)
- Paid leave
- Tuition reimbursement
- A variety of other discounts and perks
- Fully Remote