Principal Detection Engineer

Company: NuHarbor Security
Location: Burlington, VT, USA
Salary: $151000 – $185000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Expert or higher

Requirements

  • Bachelor’s degree and 10+ years’ experience in common programming languages used in security technology integration: Python, SQL or KQL, and scripting languages (PowerShell/Bash).
  • In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required.
  • Knowledge and expertise in key SIEM techniques and technologies such as Splunk, Splunk Enterprise Security (ES).
  • 5+ years’ experience developing detections in a multivendor SIEM environment, preferably Splunk and Sentinel.
  • Demonstrated aptitude communicating complex engineering concepts to audiences of varied technical understanding, including business stakeholders, sales, engineering, and customers.
  • Experience in Security Operations Center (SOC) content development and automation implementations.
  • Experience in engineering event detection & response tuning.
  • Significant experience with DevOps practices and CI/CD systems.
  • Knowledge of network, system, and application layer attacks and mitigations.
  • Experience in cybersecurity threat operations, including the processes of collection, processing, correlation, alerting, and response actions taken in defense of varied application environments.
  • Must be a citizen of the United States.

Responsibilities

  • Define strategies for turning security signals into detections, generating alerts optimized for automation, and when necessary, presentation to analysts who investigate and take necessary actions.
  • Implement detections to threats or threat actors and vulnerabilities using rule-based, behavioral, and machine learning analytics.
  • Play a key role in executing our detection and automation strategy, providing contextual data to make alerts binary, analysis more efficient, and defenses more effective for our clients.
  • Operate and maintain custom tooling, including CI/CD pipelines, to deliver content to client environments reliably, and consistently, driven through a GitOps workflow.
  • Continuously collect and analyze telemetry from detections in the field and tune them for quality.
  • Work with Product Management and Threat Intelligence teams to prioritize and develop detection capabilities.
  • Explore customer data to test detection hypotheses.
  • Provide guidance and mentorship to Detection Engineering Team members, clearing a path to excellence with enthusiasm and confidence.
  • Communicate complex detection engineering concepts to audiences of varied technical understanding, including business stakeholders, sales, engineering teams, and clients.

Preferred Qualifications

  • Experience developing AI/ML driven detections using Big Data.
  • Experience in Splunk Processing Language (SPL).
  • Knowledge of MITRE ATT&CK framework and general adversarial / defensive security techniques.
  • Familiarity with the NIST Cyber Security Framework (CSF), common security controls and their purposes, and technologies that supply those controls.