The detection engineer blends technical skills, threat research experience, and knowledge of adversary techniques to work with new and existing data sources to create high fidelity, actionable alerts the ITSO SOC can use to quickly and effectively identify, analyze, and eradicate cybersecurity threats.
This individual will be familiar with adversary Tactics, Techniques, and Procedures (TTPs), and will identify opportunities to improve the effectiveness of existing detection efforts. They will be responsible for developing methodologies to maintain and maximize the integrity and effectiveness of existing alerting through the creation, periodic review, testing, and validation of custom detection content.
Additionally, they will leverage cybersecurity threat intelligence and collaborate with the SOC’s incident response teams to meet operational needs and defend against real-world threats.
The minimum qualifications are as follows:
1. A minimum of three years of experience working in detection engineering, threat hunting, security operations, or incident response using Splunk Enterprise Security or Microsoft Sentinel.
2. Experience with the processes to add/update/delete detection rules in Splunk Enterprise Security and Microsoft Sentinel.
3. Proficient in detection engineering methodologies including SNORT and YARA rules.
4. Proficient in Python programming, Bash, and PowerShell.
5. Proficient in Splunk’s Search Processing Language, React, Kusto Query Language, and the Common Information Model (CIM).
6. Knowledgeable and experienced in leveraging cybersecurity threat intelligence, indicators of compromise, STIX/TAXII data feeds, MITRE ATT&CK, and SIEM integrations.
7. Strong experience in networking principles, operating systems (Linux / Windows), and security tools such as IDS/IPS, firewalls, proxy servers and Endpoint Detection and Response (EDR).
8. Knowledge of Windows Sysinternal Suite (including Sysmon) Unix auditd, and how to tune configuration files for identification of malicious activity.
9. At least one of the following certifications: Splunk Enterprise Security Certified Admin credential or have passed the AZ-500 Microsoft Azure Security Technologies exam.
ADDITIONAL QUALIFYING FACTORS:
A satisfactory background screening, negative drug test, positive references and proof of identity and legal authorization to work in the United States and for TTO are required.
The Tatitlek Corporation gives hiring, promotion, training and retention preference to Tatitlek shareholders, shareholder descendants and shareholder spouses who meet the minimum qualifications for the job.
As an equal opportunity employer, The Tatitlek Corporation recognizes that our strength lies in our people. Discrimination and all unlawful harassment, including sexual harassment, in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected Veteran’s status or employment.
Salary $165k/annually Options Apply for this job onlineApplyShareEmail this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Application FAQsSoftware Powered by iCIMS
www.icims.com