[Remote] Detection & Response Engineer

Note: The job is a remote job and is open to candidates in USA. Expel is a fast-growing cybersecurity company focused on managed security solutions. The Detection & Response Engineer will enhance threat detection capabilities, improve SOC analyst efficiency through automation, and contribute to the development of detection strategies within the company. Responsibilities Implement, maintain and iteratively improve Expel's ability to detect and investigate threats using integrated technologies with limited direction Contribute to the growth of Expel’s detection strategy and capability through creation of detections for Expel’s proprietary rule engine Maintain documentation in support of Expel’s detection and response content Improve SOC analyst efficiency by automating investigative workflows using an orchestration framework written in Python Evaluate technology APIs to design detection and response solutions to contribute to improving the value and efficiency in Expel’s Workbench platform Contribute to and thrive in a culture of experimentation, agile, quality and continuous improvement among the team Participate in the team’s research and monitoring of the latest threat landscape and subsequent detection and response automation development Skills 1+ years of experience with detection and response tools, particularly EDR, NSM, and SIEM 1+ years of experience writing, deploying and tuning custom detections based on research or investigative work against common data sets (Windows Event Logs, auditd, CloudTrail, and similar datasets.) Proficiency of Python, Go or other object oriented programming languages Strong understanding of Windows, macOS and Linux operating systems and command line tools Knowledge of networking basics, such as TCP/IP and OSI model Working knowledge and observations of attack vectors, threat tactics, and attacker techniques Understanding of cloud infrastructure platforms and their Identity and Access Management (IAM) models Bachelor's degree in Computer Science or Information Security strongly preferred 3+ years of professional experience in information technology or security operations would be ideal but not required Benefits Unlimited PTO (which we model and encourage) Work location flexibility Up to 24 weeks of parental leave Really excellent health benefits Company Overview Expel is a security operations provider that offers managed detection and response, remediation, phishing support, and threat hunting. It was founded in 2016, and is headquartered in Herndon, Virginia, USA, with a workforce of 201-500 employees. Its website is