As a Lead Detection Engineer, you will be responsible for the lifecycle of threat detection.
You will drive initiatives, research, define, and implement a wide variety of security platforms to detect malicious activity in various stages of the attack lifecycle.
You will build attack simulation scenarios, reproduce attack scenarios, and test the effectiveness of your and your peers' logic.
You will also partner with the engineering teams to develop technology that enables this work.
Desired Qualifications:
5+ years of security and hands-on threat detection and response experience, with 2-3 of those years focused on creating use-cases and detection-focused automation
Experience working with and querying SIEM tools or other log-based data
Experience in engineering event-detection & response-tuning
Knowledge of MITRE ATT&CK framework and general adversarial / defensive security techniques
Ability to engineer creative, scalable, and out-of-the-box solutions
Up to date with engineering best practices, security technology trends, tools, and frameworks
Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
Preferred: Knowledge of cloud technologies, virtualization, containers, service-mesh
Ability to write quality, robust, testable code in at least one programming language (e.g. Golang, Python, C++)
Familiarity with AWS, Azure or general cloud infrastructure framework
Responsibilities:
Lead security investigations and incident retrospectives
Develop and implement Skyflow's Detection and Response strategy
Drive continuous improvement of the detection framework, playbooks, and workflow automation
Contribute to the design and development of engineering solutions that support enterprise-wide security initiatives
Keep the InfoSec team apprised of modern attack techniques and continually integrate knowledge into new or existing detections
Act as an internal subject matter expert and mentor other members of the security team in your area of expertise