Group Manager, Threat Detection Engineering and Operations

Remote Full-time
About the position

Responsibilities
• Define detection engineering strategy, roadmap, and objectives
• Build and mature detection engineering processes and standard patterns
• Build new detection capabilities based on research of new attack techniques
• Evaluate, validate, tune, and sunset necessary detection capabilities
• Identify and close gaps in detection coverage
• Build runbooks and playbooks for SOC analysts to operationalize new detections
• Work with system owners, SIEM team, and Detection Operations to onboard and operationalize new data sources
• Define and manage coverage and efficacy metrics, reporting them on a regular cadence to leadership
• Lead root cause analysis for detection quality issues and direct next steps to address and prevent recurrence
• Participate in Cyber Incident Response Team (CIRT) rotation that may involve non-traditional working hours

Requirements
• BA/BS degree or higher in Computer Science, Cybersecurity or equivalent work experience
• 5+ years' industry experience in Incident Response or Security Operations activities
• 3+ years leadership experience in a SOC or similar role
• Proven track record of building scalable organizations that have world class threat detection capabilities
• Technical proficiency performing security investigations at scale; including endpoint, cloud, identity, network, and email threats
• Practical experience with Detection & Response tools for network, endpoints, cloud, and identity as well as SOAR platforms
• Hands-on experience with SIEM and Data Lake solutions (e.g., Splunk, Snowflake, S3)
• Expertise with query languages (SQL, SPL, BigQuery)
• Strong fundamentals of Linux, macOS, and Windows operating system internals
• Deep understanding of attacker techniques, tools and procedures
• Understanding of cloud environments such as AWS, GCP, and/or Azure
• Proficiency creating and managing operational metrics that increase team efficiency and quality
• Experience with coding languages to build/automate (e.g., Python, Go)
• Experience working with security frameworks like MITRE ATT&CK or Lockheed Martin's Cyber Kill Chain; ability to track and discuss an attack through the kill chain
• Ability to manage effective relationships with organizational leaders, build a roadmap, and drive broad initiatives to completion
• Understanding of Machine Learning concepts as related to predictive analytics
• Experience with forensic data capture, analysis, and preservation
• Comprehensive understanding of the detection engineering field

Nice-to-haves
• Admin- or Architect-level knowledge of a SIEM (Splunk, Azure Sentinel, QRadar, etc.)
• In-depth knowledge of security standard processes in large-scale environments
• Ability to navigate hard conversations and disseminate information to team members
• Willingness and ability to accept responsibility and provide guidance to team members
• Effective organizational and planning skills, with the ability to successfully guide projects through to completion
• Experience with software development or security automation highly preferred
• CISSP or CISM certification preferred
• Hands-on experience with AWS Cloud (AWS Solutions Architect level of knowledge)

Benefits
• Competitive compensation package
• Cash bonus eligibility
• Equity rewards
• Comprehensive benefits package
• Regular pay equity comparisons across categories of ethnicity and gender
