Senior Associate, Detection Engineer, Cyber Managed Services

In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel. 

Kroll’s Cyber Risk team works on over 2,000 cases a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we help protect our client’s data, people, operations and reputation with innovative assessments, investigations and intelligence. We are the only company in the world with the expertise and resources to deliver global, end-to-end cyber risk management, supporting organizations through every step of their journey toward cyber resilience. 

Clients count on us for quick and expert support in the event of and in preparation against a cyber incident; from incident response to risk assessments, and complex forensics to breach notification and ID theft remediation we help clients – of all sizes – respond with confidence.

At Kroll, your work will help deliver clarity to our clients’ most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll. 

Role 

Working within our Security Operations Centre as a Detection Engineer, the focus of this role is the implementation of security monitoring, detection and response technologies across Kroll’s client base. This involves developing, testing and tuning security content across EDR and SIEM technologies.

Responsibilities 

• Develop custom detections (aka use cases, rules) for the latest threats using leading EDR technologies including SentinelOne and CrowdStrike.
• Identify false positives and false negatives. Tune detections to increase fidelity.
• Be intelligence led and convert threat intelligence into detections.
• Handle requests for new detections from a variety of stakeholders. Determine the security value of those requests and clearly explain your decision and reasoning.
• Work with stakeholders to build effective whitelists and blacklists.  
• Collaborate with key stakeholders across the SOC, Threat Intelligence, DFIR, Offensive Security, Solutions Engineering, Platform Engineering, Project Management, Product and Sales Teams. 
• Create scalable processes through automation. 
• Document designs and processes. 

About You 

• Familiar with prevailing threats and how to mitigate them using EDR.
• Experience writing or tuning detections for EDR, preferably SentinelOne or Crowdstrike.
• Experience with 2 or more of the following: process monitoring, file monitoring, registry monitoring and network monitoring. 
• Understanding of Windows or Linux telemetry. 
• Familiarity with the MITRE ATT&CK framework.
• Understand security principles and practices.
• Proficient with Regex.
• Proven capability to learn and deliver to a high standard within deadlines.
• Strong organisational skills and an ability to appropriately prioritise tasks.
• Ability to relay complex technical subject matter to non-technical stakeholders.
• Demonstrable analytical and technical aptitude with focus on identifying and alleviating the root cause of a problem.
• Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high demand, customer-centric environment. 
• SANS/GIAC certifications preferred.
• Written and verbally fluent in English

About Kroll 
Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll. 

Kroll is committed to equal opportunity and diversity, and recruits people based on merit. 

In order to be considered for a position, you must formally apply via careers.kroll.com.
#LI- IW1