Windows Detection Engineer

closed
SentinelOne

πŸ“Remote - Italy

Summary

Join SentinelOne's Windows Behavioral Rules Team as a Windows Detection Engineer! You will develop and maintain detection rules for the Windows agent, analyze false positives, and collaborate with the team to optimize detection capabilities. This 100% remote role (Italy-based) requires 2+ years of experience in detection engineering, a deep understanding of Windows internals and attack TTPs, and proficiency in Python and C/C++. Preferred qualifications include malware analysis and reverse engineering experience. SentinelOne offers a comprehensive benefits package including flexible working hours, generous stock options, yearly bonuses, private medical insurance, flexible time off, parental leave, and professional development opportunities.

Requirements

  • 2+ years of experience in Detection Engineering / Red Teaming / Offensive Research
  • Experience writing behavioral detection rules for EDR, XDR, SIEM or other similar platforms
  • Deep understanding of modern Windows attack TTPs (how malware operates, evasion, and exploitation techniques)
  • Understanding of Windows internals
  • Hands-on experience with coding in Python and C/C++
  • Familiarity with Detection Engineering processes including prioritizing a backlog for research and development, writing unit and integration tests, and with CI/CD technologies such as Jenkins
  • Strong analytical and problem-solving skills, with an understanding of false-positive analysis
  • Excellent communication and collaboration skills within a team-oriented environment

Responsibilities

  • Develop precise and effective detection rules and deliver default rules for the WIN agent
  • Rigorously analyze and assess false positives associated with the rules you create
  • Contribute to the optimization of rules to minimize false positives and enhance detection accuracy
  • Collaborate with the team to optimize existing default rules for superior detection capabilities
  • Stay informed about emerging threats, industry trends, and new technologies to continuously improve rule efficacy
  • Follow good detection engineering practices in the default rules you develop, including their logic, descriptions and other metadata, tests, and more

Preferred Qualifications

  • Experience in malware analysis (statically and dynamically) and reverse engineering (x86/x64)
  • Understanding of existing EDR internals

Benefits

  • Flexible working hours; this is a 100% remote role based within Italy, and we provide optional membership in major coworking chains
  • Optionally, for those willing to relocate to the Czech Republic, relocation assistance is available for any candidates who are already eligible to work in the EU
  • Generous employee stock plan in the form of an RSU (restricted stock units) grant, not options; 4-year vesting with a 1-year cliff and then quarterly; yearly stock refresh
  • Yearly bonus depending on the performance of the company, paid out in 2 installments
  • Quadro benefits - Private Medical, Life Insurance, Accident Insurance, Study funds and Healthcare benefits
  • Flexible time off (up to 30 paid days off per annum!)
  • Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) & Grandparent Leave
  • Volunteering paid day off & Additional paid Company holidays off (e.g. 4 days in 2022)
  • Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
  • LinkedIn Learning platform for Hard/Soft skills Training, internal mentoring 'MentorOne' & Support for your further educational activities/trainings
  • Above-standard referral bonus
  • DEI&B programs that promote employee resource groups like SentinelWIN (Women Inclusion Network), Blk@S1, Latinos@S1, Pan-Asian@S1, Out@S1 (LGBTQIA+) and Sentinels Who Served
  • Additional country-specific benefits for Italy