Detection Engineer Engineering - Shawnee Mission, KS at Geebo

Detection Engineer

Foresite delivers a range of managed security, and cyber consulting & compliance solutions through strategic channel partnerships serving more than 1,000 customers globally.
These unique and flexible solutions offer businesses innovative ways to address the liabilities of today's complex security and compliance requirements.
Our professionals, long experienced and highly knowledgeable in IT management and security, apply their expertise to providing superior product performance and unparalleled customer service through Foresite's proprietary ProVision platform.
Foresite is headquartered in Overland Park KS, with Operation Centers in Kansas City and Farnborough, UK.
Position Summary:
Foresite is seeking enthusiastic, curious, growth-minded thinkers to help shape our vision to provide Security Services for our valued customers operating all over the world.
The Detection Engineer will play a crucial role in designing, implementing, and maintaining advanced detection mechanisms to identify and respond to cyber threats.
You will be responsible for collaborating with Security Analysts, Security Engineers, and SIEM Architects to create high-fidelity detections utilizing Google Chronicle SIEM and the YARA-L rule language.
A successful candidate will demonstrate the capacity to consistently meet and exceed expectations representing and reinforcing the Foresite brand through positive interaction with clients and colleagues.
This position will work closely with SOC personnel and clients to fortify defense mechanisms and safeguard digital assets.
o Perform adversary emulation activities to identify detection gaps.
o Research emerging adversary techniques and tooling, using the knowledge gained to build novel detections.
o Engage with relevant owners of high-risk systems and services to identify and prioritize detection gaps.
o Investigate anomalous or suspicious behavior in the environment as it is identified in the detection engineering process.
o Utilize data analytics and machine learning to create anomaly detection algorithms.
o Monitor network and system logs for unusual activities.
o Continuously improve and update detection rules and policies.
o Collaborate with the security operations center (SOC) to enhance threat detection capabilities.
o Stay updated on the latest cybersecurity trends, techniques, and threat vectors.
This is a role with wide breadth that will have the latitude to design and implement cutting-edge security architecture.
Responsibilities:
o Build and optimize tailored detection signatures, response playbooks, and response automation using detection-as-code principles.
o Lead threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures.
o Build new alerting techniques from an ever-growing list of data sources, as well as improve existing alerts.
o Develop advanced SIEM correlation rules, content, data models, connectors, reports, and dashboards based upon internal and customer requirements to detect emerging threats.
o Build and operate detection-as-code CI/CD pipelines.
o Conduct code reviews and testing to ensure high-quality, high-fidelity detections.
o Improve efficacy of telemetry collection and threat detection rules.
o Manage, develop, and tune alerts, inputs, scripts, and APIs that integrate with the SIEM including log sources and troubleshooting sources or systems.
o Provide regular training sessions and mentorship opportunities to facilitate knowledge-sharing within the team.
o Research and develop mitigation strategies to address the evolution of security trends and threat landscapes.
o Generate and maintain operational processes and training documentation.
o Provide input to constantly improve our products and services to add value for our customers.
o Deliver presentations and develop technical training content on Google Security products and services, including but not limited to Chronicle SIEM.
o Build relationships with clients, developers, stakeholders, and security champions, to incorporate security principles into engineering design and deployments.
o Regularly research and learn new tactics, techniques, and procedures (TTPs), and work with clients and colleagues to assess risk and implement/validate detection controls.
o Evaluate existing SIEM queries, reports, and dashboards to make recommendations on changes to events being monitored.
o Other duties as assigned.
Qualifications:
o 10 years' experience in the security industry, in any combination of security research, security-oriented software development, or operational security engineering.
o 5 years' experience in developing security products in either software engineering or a security research role.
o Demonstrate hands-on skills in a major scripting/programming language or a search query language for use in security operations and threat detection.
o Highly proficient in one of the following languages (Python, Go, SQL, Rust, or C/C++).
o Experience building and refining SIEM tools, large-scale data pipelines, and logging architecture.
o Domain experience managing and working with current SIEM and SOAR platforms.
o Knowledge of cloud infrastructure and security implications of hybrid environments.
o Advanced understanding of networking concepts and ability to analyze network artifacts.
o Understanding of the MITRE ATT&CK framework and other cyber kill chains.
o Excellent communication skills, both verbal and written.
o An intellectually curious problem solver focused on collaborative ideation.
Skills:
o Ability to think and act strategically and proactively.
o Advanced Data Query Experience: Must be able to write and transform queries from one rule language to another (example: take a query that was written for Splunk and convert it to another SIEM's syntax to find the same results).
o Experience working in a traditional software development lifecycle.
o Strong knowledge of cybersecurity technologies including EDR, cloud, firewalls, intrusion detection and prevention systems, data loss prevention systems, and vulnerability management tools.
o Experience with writing detections and detection languages (Sigma, Yara, Yara-L, STIX, etc.).
o Experience with vulnerability research and exploit development.
o Experience with malware analysis, malware functionality, and persistence mechanisms.
o Experience conducting large-scale data analysis and utilizing big data tools such as SQL, Jupyter notebooks, etc.
o Experience developing tools and automation using common DevOps toolsets and programming languages.
o Ability to analyze endpoint, network, and application logs for anomalous events.
o Professional demeanor and strong work ethic.
o Strong written communication skills including the ability to develop process documentation or guidelines for technical staff.
o Strong verbal communication and collaboration skills including the ability to work with both technical and non-technical customers/peers to research and resolve problems.
o Advanced knowledge of at least one leading SIEM platform (Sentinel, Splunk, Elastic, IBM QRadar, Chronicle, etc.).
o Ability to apply critical thinking and logic to a wide range of intellectual and practical problems.
o Ability to maintain composure under pressure and work calmly in high-pressure environments.
Recommended Skills: API, Algorithms, Anomaly Detection, Architecture, Automation, Big Data.
Estimated Salary: $20 to $28 per hour based on qualifications.
