Staff Detection and Response Engineer
About the job
We are looking for an experienced Security Engineer to join our Detection and Response Team (DART). You will help us build out a world-class incident response function that navigates challenging security incidents, drives process improvement, and develops an open culture where we grow from our mistakes as an organization. In this role, you will also build the tools and detection infrastructure we need to scale our detection and response capability across all threats to our Production and Corporate environments.
What You’ll Do
Respond to security events: triage, perform investigations and incident analysis, and communicate clearly and efficiently to stakeholders
Contribute to improving processes, procedures, and technologies used for detection and response, enabling us to improve after each incident
Develop and run tools to gather security telemetry data from cloud production systems
Automate workflows and improve identification and response time for security events
Build and optimize detection rules, allowing us to spend our cycles on the alerts that matter
Develop runbooks and incident playbooks for new and existing detections
Lead threat hunting practices, suggest product and infrastructure signals to surface attacks, and incorporate findings into security controls
What We’re Looking For
8+ years of full-time experience as a security engineer, including security monitoring, incident response, and threat hunting in a cloud environment
A defensive practitioner who understands offensive security and the actual scenarios that lead to compromise
Prior experience leading complex investigations with a large number of stakeholders
Strong communication skills and a proven track record of communicating with internal and external stakeholders at all levels
Expertise in AWS security controls and services
Experience writing code for automation, alert enrichment, and detections
Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles
Hands-on experience with data analysis, modeling, and correlation at scale
Operating system internals and forensics experience on macOS, Windows, and Linux
Domain experience managing and working with current SIEM and SOAR platforms
Experience developing tools and automation using common DevOps toolsets and programming languages
Understanding of malware functionality and persistence mechanisms
Ability to analyze endpoint, network, and application logs for anomalous events