Threat Detection Engineer Full time Job in San Antonio, Texas United States | Snaprecruit



Threat Detection Engineer   

JOB TITLE:

Threat Detection Engineer

JOB TYPE:

Full-time

JOB LOCATION:

San Antonio Texas United States

JOB DESCRIPTION:

Job Title

Threat Detection Engineer

Relevant Experience (in Yrs)

6+

Technical/Functional Skills

ELK stack, Fireeye HX, Sysmon, Winlogbeat

Experience Required

6+

Roles & Responsibilities

Technical knowledge to write and develop detection rules for CIRT analysis; experience with the ELK stack, FireEye HX, Sysmon, Winlogbeat, and CI/CD pipelines.

Deep understanding of threat actor techniques and tools (malware, common attack types, and evasion techniques) across reconnaissance, scanning, exploitation, lateral movement, and persistence; proficient with MITRE ATT&CK.

Deep understanding of security operations center processes, tools, and data, including control mitigations, security event timeline analysis, and baselining; experience analyzing logs and data to develop and implement custom detections that counter attacker techniques, known vulnerabilities, and evasion methods.

Security architecture (network topology, firewalls, proxies, web content filtering, wireless, EDR, IDS, IPS, SIEM, SOAR, etc.)

Network data sources (full packet analysis, flow data, DNS logs, proxy logs, NIDS, etc.)

Knowledge of and experience with common scripting languages and tools: Python, PowerShell, Bash, YAML

Deep knowledge of compound logical operations (AND, OR, NOT) and regular expressions

Experience extracting data from logs, SQL databases, and APIs

Knowledge of and experience with tools used to build threat detections (ElastAlert, Logstash, Kibana (ELK), FireEye HX, Sysmon, Winlogbeat, Linux auditd)

Deep understanding of and experience with operating systems (Windows, macOS, and Linux), including administration, configuration, registry, and processes

Experience in red team/blue team/incident responder interaction
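What "writing rules for CIRT analysis" over Sysmon and Winlogbeat data looks like in practice, as an added example that is not part of the posting and not code from any vendor it names: a Python detection for an Office application spawning a shell with an encoded or downloading PowerShell command line, built from the compound AND/OR/NOT logic, regular expressions, baseline suppression and CI-style fixture check the posting asks for. The document layout follows Winlogbeat's ECS field names for Sysmon Event ID 1 (event.code, process.*, process.parent.*, host.name, user.name); the host names, user names, the intranet add-in updater in the baseline list and every event are constructed for the example.

```python
"""Toy detection rule over Sysmon Event ID 1 (process creation) documents in the
shape Winlogbeat ships to Elasticsearch. Added example, not code from the
posting or from any vendor it names; field names follow Winlogbeat's ECS mapping
for Sysmon, and every document below is constructed by hand."""
import re

# ORed sub-patterns meaning "PowerShell is running obfuscated or downloaded
# code". powershell.exe accepts -e, -ec, -enc and -EncodedCommand as the same flag.
ENCODED_FLAG = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|invoke-expression|\biex\b", re.I)

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# Baseline suppressions found by tuning: known-good command lines that would
# otherwise trip the rule. This intranet add-in updater is hypothetical.
BASELINE_OK = [re.compile(r"invoke-webrequest\s+https?://intranet\.corp\.example/", re.I)]


def get(doc, path, default=None):
    """Walk a dotted ECS path such as 'process.parent.name' through nested dicts."""
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def office_spawns_shell(doc):
    """Return an alert dict when the event matches, else None.

    Sysmon process-create AND parent is an Office app AND child is a command
    interpreter AND (encoded payload OR download cradle) AND NOT baselined.
    """
    if str(get(doc, "event.code")) != "1":
        return None
    parent = (get(doc, "process.parent.name") or "").lower()
    child = (get(doc, "process.name") or "").lower()
    cmdline = get(doc, "process.command_line") or ""
    if parent not in OFFICE_PARENTS or child not in SHELL_CHILDREN:
        return None
    if not (ENCODED_FLAG.search(cmdline) or DOWNLOAD_CRADLE.search(cmdline)):
        return None
    if any(p.search(cmdline) for p in BASELINE_OK):
        return None
    return {"rule": "office_spawns_shell",
            "attack": ["T1566.001", "T1059.001"],  # ATT&CK: phishing attachment, PowerShell
            "host": get(doc, "host.name"), "user": get(doc, "user.name"),
            "parent": parent, "child": child, "command_line": cmdline}


def scan(docs):
    """Run the rule over an iterable of documents and return the alerts raised."""
    return [a for a in (office_spawns_shell(d) for d in docs) if a]


def sysmon1(host, user, parent, child, cmdline):
    """Build a constructed Winlogbeat-style Sysmon Event ID 1 document."""
    return {"event": {"code": "1", "provider": "Microsoft-Windows-Sysmon"},
            "host": {"name": host}, "user": {"name": user},
            "process": {"name": child, "command_line": cmdline,
                        "parent": {"name": parent}}}


B64 = "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"  # constructed payload fragment
# Labelled fixtures (constructed): (label, document, should_alert)
FIXTURES = [
    ("word -> encoded powershell (true positive)",
     sysmon1("ws-1043", "jdoe", "WINWORD.EXE", "powershell.exe",
             f"powershell.exe -nop -w hidden -enc {B64}"), True),
    ("word -> print helper (benign child)",
     sysmon1("ws-1043", "jdoe", "WINWORD.EXE", "splwow64.exe",
             "C:\\Windows\\splwow64.exe 12288"), False),
    ("explorer -> encoded powershell (parent out of scope for this rule)",
     sysmon1("ws-2201", "asmith", "explorer.exe", "powershell.exe",
             f"powershell.exe -enc {B64}"), False),
    ("outlook -> intranet add-in updater (baselined)",
     sysmon1("ws-0877", "mlee", "OUTLOOK.EXE", "powershell.exe",
             "powershell.exe -c Invoke-WebRequest https://intranet.corp.example/"
             "addins/update.ps1 -OutFile update.ps1"), False),
]


def run_rule_tests():
    """CI gate: replay the labelled fixtures and return a list of failures.
    An empty list means the rule can ship; a pipeline step fails the build otherwise."""
    failures = []
    for label, doc, expect in FIXTURES:
        got = office_spawns_shell(doc) is not None
        if got != expect:
            failures.append(f"{label}: expected alert={expect}, got {got}")
    return failures


if __name__ == "__main__":
    print("rule tests:", run_rule_tests() or "all passed")
    for alert in scan(doc for _, doc, _ in FIXTURES):
        print(alert)
```

An ElastAlert or Kibana rule would express the same AND/OR/NOT conditions as a query against the same fields; keeping labelled fixtures next to the rule is what turns the CI/CD pipeline requirement into something concrete, since a regex change that drops the true positive or re-opens the baselined case fails the build before the rule reaches production.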

Position Details

POSTED:

Nov 25, 2023

EMPLOYMENT:

Full-time

SNAPRECRUIT ID:

S110309-9119-11182023-39769444

LOCATION:

Texas United States

CITY:

San Antonio

Job Origin:

CEIPAL_ORGANIC_FEED

