Senior Detection Engineer

Pondurance

πŸ“Remote - Worldwide

Job highlights

Summary

Join Pondurance as a Senior Detection Engineer and play a crucial role in developing and enhancing threat detection capabilities. You will identify emerging threats, analyze attack techniques, and devise effective detection methods. Responsibilities include overseeing security tool deployment, assessing team projects, building alerting techniques, conducting threat research, and mentoring junior engineers. The ideal candidate possesses 5+ years of experience in threat detection, strong understanding of threat landscapes, and expertise in various security technologies. Pondurance offers competitive compensation, benefits including medical, dental, vision, and 401k, and a supportive, inclusive work environment. This is a remote position with access to office locations in McLean, VA or Indianapolis, IN for those nearby.

Requirements

  • Advanced Data Query Experience: Must be able to write and transform queries from one language to another (example - take a query that was written for Splunk and convert it to another SIEM’s syntax to find the same results)
  • Intermediate Linux Experience: Must know how to operate on a Linux CLI
  • Intermediate Windows Experience: Logging / Log Analysis / Log Alerting
  • Intermediate SIEM / SOAR Knowledge: Be able to effectively use SIEM / SOAR platforms to build queries, alerts, actions, etc. (This is user level knowledge, not admin / configuration level knowledge)
  • 5+ years experience in threat detection
  • Experience with tools used for threat hunting and knowledge of various attack vectors is necessary
  • Strong understanding of threat landscapes, threat intelligence, and threat hunting methodologies
  • Strong understanding of cyber threats, attack methodologies, and vulnerability assessment
  • Strong understanding of network protocols, operating systems and security technologies
  • Excellent communication skills, both verbal and written
  • Ability to work efficiently both independently and as part of a team
  • Analytical Thinking: Break down the fundamental components of a problem or situation, examine the relationship between them, verify all pertinent facts and draw an appropriate conclusion
  • Applied Technical Thinking: Able to apply specialized, theoretical knowledge to efficient operational uses
  • Multitasking: Able to multitask effectively and shift focus easily and rapidly from one task to another

Responsibilities

  • Oversee/advise in the deployment and tuning of security tools and technologies
  • Regularly assess the readiness and capabilities of team projects and tasks, providing appropriate support, guidance, or training as needed
  • Build new alerting techniques from an ever-growing list of data sources, as well as improve existing alerts
  • Conduct in-depth research and analysis of emerging cyber threats, attack vectors, and vulnerabilities to proactively identify potential risks
  • Stay current with the latest threat landscape and integrate threat intelligence data into detection mechanisms
  • Coach and mentor junior detection engineers, provide oversight to junior team members to ensure timely and successful task completion, fostering an environment of continuous learning and improvement
  • Work closely with SOC management and analysts to improve alerting workflow
  • Improve efficacy of telemetry collection and threat detection rules
  • Foster cross-functional relationships (kumbaya) with other department engineers to align goals and transfer knowledge
  • Contribute to the creation of documents, reports, technical advisories, and whitepapers for internal and external stakeholders
  • Participate in sprint demo/planning and other team or project meetings

Preferred Qualifications

  • Cloud application logs/monitoring: Familiarity with the big 3 (AWS, Azure, GCP) and O365 is a plus
  • Ticketing/development/collaboration tools: Be able to work within internal ticket queues and development management platforms (Atlassian JIRA/Confluence experience a plus)
  • Experience with programming in Python is a plus
  • Relevant certifications such as CISSP, CEH, OSCP, Security+, GIAC, CTIA or equivalent are a plus

Benefits

  • Medical, dental, vision, disability, FSA, HSA, life and AD&D insurance, 401(k) Plan
  • Time off: PTO, sick, holiday, & parental leave details are available
  • Money: We provide competitive compensation packages based on the market and your overall credentials
  • Although this is a remote role, if you live close by, you’ll have access to our office locations: McLean, VA or Indianapolis, IN
