Develop and document new Detection Capabilities for customer environments
Work with customers to develop a comprehensive strategy for effective detections
Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
Confidently prioritize log sources for ingestion and enablement
Evaluate current monitoring and detection capabilities to identify areas for improvement
Conduct Detection Gap Analyses
Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
Detection Enablement
Detection Effectiveness (Tuning, Validation, etc.)
Detection Creation
Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
Ensure ingested log sources conform to CIM standards

Requirements

Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
Experience working and querying SIEM tools or other log-based data preferably Splunk
Experience in engineering event detection & response tuning
Ability to engineer creative, scalable, and out-of-the-box solutions
Up to date with engineering best practices, security technology trends, tools, and frameworks
Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
Able to both investigate and create security rules in at least 1 SIEM
Understanding of general enterprise network architecture and security incident response
Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
Ability to communicate and document technical information effectively towards various audience

Benefits

Medical, dental, vision, and disability insurance
Flexible Time Off (FTO), 11 company holidays, sick leave and 8-Weeks Paid Parental Leave
Unique professional development benefits, starting at $3,000 annually
Wellness contests and monthly educational programs
401(K) retirement program

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

detection capabilitiesdetection gap analysisevent detectionresponse tuningsecurity rules creationlogging capabilitiesdetection effectivenessdetection creationquerying SIEMengineering best practices

Soft Skills

communicationdocumentationproblem-solvingcreativityprioritizationcustomer engagementstrategic thinkinganalytical thinkingcollaborationadaptability