Senior Security Engineer – Detection Engineering

Company: Fastly
Location: San Francisco, CA, USA; New York, NY, USA; Denver, CO, USA
Salary: $181,220 – $217,464
Type: Full-Time
Degrees:
Experience Level: Senior

Requirements

  • Experience in using and maintaining Splunk for investigating threats, developing detections, normalizing data feeds, and integrating with other tools.
  • Familiarity with attacker tactics, techniques, and procedures (TTPs) and with investigating advanced threats.
  • Proficiency in one or more general purpose programming languages such as Python, Ruby, Go, or Rust.
  • Experience with at least one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP).
  • Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSF.
  • Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation.

Responsibilities

  • Develop detections and other analytics to identify threats across cloud, corporate, and edge environments.
  • Investigate potential security threats and support security incidents.
  • Research, evaluate, implement, and maintain a variety of custom and commercial security tools, such as EDR, SOAR, and SIEM.
  • Build custom tooling and automations to improve the detection lifecycle and security incident response.
  • Develop and maintain incident response playbooks and other detection and response documentation.
  • Conduct threat hunts to discover unknown malicious activity across our environment.
  • Participate in our on-call rotations.

Preferred Qualifications

  • Have published security research or spoken at community events on threat detection or incident response.
  • Have developed automations or tooling to improve security operations.
  • Have experience developing or deploying a detection CI/CD pipeline, including developing testing criteria and continuous validation (e.g., Splunk Attack Range or Atomic Red Team).
  • Familiarity with content delivery networks (CDN), edge cloud platforms, or Fastly products and services.