Threat Detection Engineer

Melbourne, Victoria, Australia (Hybrid)

Tesserent


Tesserent is a full-service cybersecurity solutions provider with offices across Australia and New Zealand. We partner with clients in both countries to protect their digital assets with a full suite of cybersecurity services. Our mission is to be the sovereign cybersecurity provider of choice for the protection of Australia and New Zealand’s digital assets.


The Threat Detection Engineer role covers the collection, analysis, production and testing of threat detection implementations within SIEM, SOAR, EDR, MDR, NIDS and HIDS systems and platforms. The work is informed by Cyber Threat Intelligence and aims to deliver high-fidelity, effective detection and prevention logic for Tesserent and our customers.


Accountabilities 

  • Staying up to date with the latest cyber threats, techniques, tools and campaigns. 
  • Building threat models from customers’ attack-surface information combined with Cyber Threat Intelligence. 
  • Selecting and tuning use cases and detection logic to match each customer’s unique attack profile. 
  • Translating threat hunting output and research into viable, complete and high-fidelity detection logic. 
  • Managing and delivering the process for rule testing, regression testing, tuning and quality assurance. 
  • Documenting and maintaining detection engineering process, procedures and platforms. 
  • Planning, prototyping, and assisting with the development of tools, technologies and automations to integrate detection engineering functions with other SecOps functions such as CTI and analytics to create efficiencies and ensure Tesserent delivers a world class solution. 


Competencies 

Technical Skills 

  • Understanding of statistical methods of analysis and proof, and the ability to apply them: p-values, confidence levels, probability calculations and hypothesis testing. 
  • Thorough understanding of cybersecurity concepts, both offensive and defensive. 
  • Experience with security analytics data sets and log sources including device, appliance, application, cloud, SaaS and identity. 
  • Experience with SIEM, SOAR, Log Management and CTI platforms is highly favourable – Sentinel, Splunk. 
  • Strong query, scripting and/or programming skills – may include SPL, KQL, SQL, FQL, R, Python, Bash, Golang, Rust. 
  • Understanding of performance impact and optimisation of detection and prevention controls. 
  • Understanding of vulnerabilities and attack types – including OWASP. 
  • Understanding of technical frameworks and kill chains such as MITRE ATT&CK. 
  • Understanding of cybersecurity frameworks such as the ISM, the Essential Eight and ISO 27001. 
  • Experience with digital forensics, incident response, or SOC analysis is highly favoured. 
  • Experience with reverse engineering, malware analysis and packet analysis is highly favoured. 


Business Skills 

  • Excellent written and verbal skills to clearly explain concepts to diverse stakeholders. 
  • Understanding of each customer’s unique cybersecurity needs and risks, and the ability to adapt solutions to match their requirements. 
  • Ability to demonstrate the value and effectiveness of controls, and of continuous improvement, to internal and customer stakeholders. 
  • Strong project management and documentation skills. 


Interpersonal & Intrapersonal Skills 

  • Ability to speak about security confidently and accurately and to recommend security controls to experienced security professionals and executives. 
  • Ability to work as a team with decisions made to support moving toward common goals. 
  • Flexibility and motivation to work across several types of engagements. 


Knowledge & Experience  

  • A Bachelor's degree in Information Security, Computer Science, Data Science, Mathematics and Statistics or a related field is preferred but not essential. 
  • Minimum of 2 years’ experience in cyber security. 
  • Ability to apply best practice frameworks such as ISO 27001, NIST CSF, ASD Essential Eight. 
  • Ability to develop and use the company’s methodologies to provide effective security and risk advice. 
  • Ability to articulate security risks and their implications in business terms. 
  • Strong written and verbal communication skills to clearly explain concepts. 
  • Open-minded and forward-thinking in terms of vision for the business and team culture.


Benefits 

  • Opportunities to undertake technical training and secure industry recognised certifications 
  • Flexible working arrangements with a mix of remote and in-person work 
  • Opportunities to work with some of the best cybersecurity professionals in the region and to grow and develop your career 
  • Extra leave day per year for your birthday. 