Network Threat Researcher
Description:

The successful candidate will report to the Manager of Tactical Threat Response and be responsible for end-to-end threat detection in our MDR for Network service. The Tactical Threat Response (TTR) team creates proprietary security content, network rules to detect threats, and runbooks to streamline investigations. TTR is made up of dedicated security experts that manage the entire content creation process, which is informed by observations from our Security Operations Center (SOC), outputs from the other teams within the Threat Response Unit (TRU) and the MITRE ATT&CK framework. The TTR team manages the security content development roadmap to ensure our services keep up with the threat landscape.

Responsibilities

  • Identifying, organizing, and processing new detection techniques
  • Triaging new detectors
  • Detector development
  • Deployment and Support
  • Ongoing tuning and maintenance
  • Network Threat Detection subject matter expert

Desired Skills

  • Threat Modeling: Understand how adversaries will attack network/cloud infrastructure, what their goals may be, and where detection opportunities exist
  • Security Data Analysis and Analytics: Identify patterns and anomalies in logs, packet captures, system events, and other relevant security data, apply analytics, and create actionable detections
  • Investigation Theory: Ability to take an alert and define repeatable investigation steps that support a security outcome
  • Threat Hunting: Understand adversary behavior, develop a hypothesis, design hunts, and interpret the results
  • Process oriented: Experience understanding, following, updating, and creating repeatable instructions for day-to-day activities
  • Independent self-starter: Experience independently generating ideas, developing a plan, and executing on that plan

Requirements

  • Experience interpreting and writing Suricata rules
  • Understanding and experience with network attacks, adversary goals, and investigating incidents using network data
  • Experience analyzing network data and developing rules that may require you to use regex, YARA, Sigma, or any other enterprise grade technology or formats
  • Experience threat hunting using session data or raw PCAP
  • Experience documenting investigation strategies or developing incident reports
  • Knowledge of attacker tactics, techniques, and procedures and understanding of how these activities manifest in network data
  • Knowledge of operating systems and networking
  • Knowledge of Incident Response and Forensics applied to network data
  • Experience in testing security signatures in controlled environments to ensure accuracy and minimize false positives
  • Familiarity with relevant industry compliance standards (e.g., PCI DSS, HIPAA, GDPR) and the ability to develop signatures to meet compliance requirements

Organization: eSentire
Industry: Other Jobs
Occupational Category: Network Threat Researcher
Job Location: Cork, Ireland
Shift Type: Morning
Job Type: Full Time
Gender: No Preference
Career Level: Intermediate
Experience: 2 Years
Posted at: 2023-11-12 5:16 pm
Expires on: 2024-06-05