Windows Detection Engineer
closed
SentinelOne
Summary
Join SentinelOne's Windows Behavioral Rules Team as a Windows Detection Engineer! You will develop and maintain detection rules for the Windows agent, analyze false positives, and collaborate with the team to optimize detection capabilities. This 100% remote role (Italy-based) requires 2+ years of experience in detection engineering, a deep understanding of Windows internals and attack TTPs, and proficiency in Python and C/C++. Preferred qualifications include malware analysis and reverse engineering experience. SentinelOne offers a comprehensive benefits package including flexible working hours, generous stock options, yearly bonuses, private medical insurance, flexible time off, parental leave, and professional development opportunities.
Requirements
- 2+ years of experience in Detection Engineering / Red Teaming / Offensive Research
- Experience writing behavioral detection rules for EDR, XDR, SIEM or other similar platforms
- Deep understanding of modern Windows attack TTPs (how malware operates, evasion, and exploitation techniques)
- Understanding of Windows internals
- Hands-on experience with coding in Python and C/C++
- Familiarity with Detection Engineering processes including prioritizing a backlog for research and development, writing unit and integration tests, and with CI/CD technologies such as Jenkins
- Strong analytical and problem-solving skills, with an understanding of false-positive analysis
- Excellent communication and collaboration skills within a team-oriented environment
Responsibilities
- Develop precise and effective detection rules and deliver default rules for the WIN agent
- Rigorously analyze and assess false positives associated with the rules you create
- Contribute to the optimization of rules to minimize false positives and enhance detection accuracy
- Collaborate with the team to optimize existing default rules for superior detection capabilities
- Stay informed about emerging threats, industry trends, and new technologies to continuously improve rule efficacy
- Follow good detection engineering practices for the default rules you develop, including their logic, descriptions and other metadata, tests, and more
Preferred Qualifications
- Experience in malware analysis (statically and dynamically) and reverse engineering (x86/x64)
- Understanding of existing EDR internals
Benefits
- Flexible working hours; this is a 100% remote role based within Italy, and we provide optional membership in major coworking chains
- Optionally, for those willing to relocate to the Czech Republic, relocation assistance is available for any candidates who are already eligible to work in the EU
- Generous employee stock plan in the form of an RSU (restricted stock units) grant, not options; 4-year vesting with a 1-year cliff and then quarterly, with a yearly stock refresh
- Yearly bonus depending on the performance of the company, paid out in 2 installments
- Quadro benefits: Private Medical, Life Insurance, Accident Insurance, Study funds and Healthcare benefits
- Flexible time off (up to 30 paid days off per annum!)
- Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) & Grandparent Leave
- Volunteering paid day off & Additional paid Company holidays off (e.g. 4 days in 2022)
- Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
- LinkedIn Learning platform for hard/soft skills training, internal mentoring ('MentorOne') & support for your further educational activities/trainings
- Above-standard referral bonus
- DEI&B programs that promote employee resource groups like SentinelWIN (Women Inclusion Network), Blk@S1, Latinos@S1, Pan-Asian@S1, Out@S1 (LGBTQIA+) and Sentinels Who Served
- Additional country-specific benefits for Italy