Windows Detection Engineer

Summary

Join SentinelOne's Windows Behavioral Rules Team as a Windows Detection Engineer! You will develop and maintain detection rules for the Windows agent, analyze false positives, and collaborate with the team to optimize detection capabilities. This 100% remote role (Italy-based) requires 2+ years of experience in detection engineering, a deep understanding of Windows internals and attack TTPs, and proficiency in Python and C/C++. Preferred qualifications include malware analysis and reverse engineering experience. SentinelOne offers a comprehensive benefits package including flexible working hours, generous stock options, yearly bonuses, private medical insurance, flexible time off, parental leave, and professional development opportunities.

Requirements

• 2+ years of experience in Detection Engineering / Red Teaming / Offensive Research
• Experience writing behavioral detection rules for EDR, XDR, SIEM or other similar platforms
• Deep understanding of modern Windows attack TTPs (how malware operates, evasion, and exploitation techniques)
• Understanding of Windows internals
• Hands-on experience with coding in Python and C/C++
• Familiarity with Detection Engineering processes including prioritizing a backlog for research and development, writing unit and integration tests, and with CI/CD technologies such as Jenkins
• Strong analytical and problem-solving skills, with an understanding of false-positive analysis
• Excellent communication and collaboration skills within a team-oriented environment

Responsibilities

• Develop precise and effective detection rules and deliver default rules for the WIN agent
• Rigorously analyze and assess false positives associated with the rules you create
• Contribute to the optimization of rules to minimize false positives and enhance detection accuracy
• Collaborate with the team to optimize existing default rules for superior detection capabilities
• Stay informed about emerging threats, industry trends, and new technologies to continuously improve rule efficacy
• Follow good detection engineering practices and the default rules you develop, including logic, descriptions, and other metadata, tests, and more

Preferred Qualifications

• Experience in malware analysis (statically and dynamically) and reverse engineering (x86/x64)
• Understanding of existing EDR internals

Benefits

• Flexible working hours, this is a 100% remote role based within Italy ; we provide optional membership in major coworking chains
• Optionally for those willing to relocate to the Czech Republic relocation assistance is available for any candidates that are already eligible to work in the EU
• Generous employee stock plan in the form of RSUs (restricted stock units) grant not options; 4 years vesting with 1 year cliff and then quarterly, stock refresh yearly
• Yearly bonus depending on the performance of the company, paid out in 2 installments
• Quadro benefits - Private Medical, Life Insurance, Accident Insurance, Study funds and Healthcare benefits
• Flexible time off (up to 30 paid days off per annum!)
• Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) & Grandparent Leave
• Volunteering paid day off & Additional paid Company holidays off (e.g. 4 days in 2022)
• Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
• LinkedIn Learning platform for Hard/Soft skills Training, internal mentoring 'MentorOne' & Support for your further educational activities/trainings
• Above-standard referral bonus
• DEI&B programs that promote employee resource groups like SentinelWIN (Women Inclusion Network), Blk@S1, Latinos@S1, Pan-Asian@S1, Out@S1 (LGBTQIA+) and Sentinels Who Served
• & Aditional country-specific benefits to Italy