Security Detection Engineer

United States - Remote

Thrive

Thrive is a leading provider of outsourced IT infrastructure. Our managed services provide customers with a strategic advantage as they secure, scale, and succeed.

View all jobs at Thrive

Apply now Apply later

About Us
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services.  Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers.  Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER.  If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training, and experience necessary to build a lucrative career, then welcome to THRIVE!!

Position Overview

We're looking for a Security Detection Engineer to spearhead the advancement of Thrive's cybersecurity detection program. This role is crucial for driving the development of alerting rules, hunts, queries, and reports, as well as implementing and refining SIEM & Detection tooling and procedures. The ideal candidate will analyze attacker tactics, techniques, and procedures (TTPs), developing countermeasures and collaborating with our team to fortify security controls. Responsibilities include guiding the SOC team in improving threat detection, managing security gap analyses, and overseeing the Security Lab for testing attack methods. Additionally, this position involves researching emerging threats to refine detection strategies and managing KPIs to track and enhance the effectiveness of our threat detection efforts.

Primary Responsibilities
  • Responsible for the development and continuous improvement of Thrive’s cybersecurity detection program
  • Drive continuous development of all new alerting rules, hunts, queries, and reports
  • Develop, implement, document, and maintain SIEM & Detection tooling, standard operating procedures, attack signatures and test scripts
  • Implementation and management of API security measures, ensuring secure data transmission and compliance with industry-standard API security protocols
  • Analyze attacker TTPs and build countermeasures to detect and/or stop them using endpoint telemetry
  • Work with security analysts and engineers to develop security controls based on threat model and gap
  • Provide guidance and support to the SOC team in enhancing threat detection capabilities.
  • Design and manage Thrive’s gap analysis and threat modeling processes
  • Management of the Security Lab and responsible for testing new and existing TTP’s and attacks
  • Research threats, malware and novel behavioral techniques and then apply that research to build or tune detection rules and analytics
  • Develop and manage KPIs to measure and enhance the effectiveness of our threat detection strategies
  • Other duties as required
Qualifications/Required Skills
  • Bachelor’s degree in computer science, Information Technology, or a related field.  
  • Relevant certifications (e.g., Security+, CySA+, Network+)
  • 3-5 years of experience in cybersecurity or a related field
  • Firm understanding of attacker tactics, techniques, procedures and means of detection
  • Solid understanding of the MITRE ATT&CK and Cyber Kill Chain frameworks
  • Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
  • Ability to engineer creative, scalable, and out-of-the-box solutions
  • Stay up to date with engineering best practices, security technology trends, tools, and frameworks
  • Experience with scripting languages (e.g., Python, PowerShell)
  • Knowledge of cloud security platforms (e.g., Azure, AWS, GCP)
  • Must be able to work effectively in a team environment and collaborate within the team and other stakeholders
  • Familiarity with common security technologies, such as firewalls, intrusion detection/prevention systems, and antivirus software
  • Basic understanding of networking concepts and protocols (TCP/IP, DNS, HTTP).
  • Strong problem-solving and analytical skills
  • Excellent communication and interpersonal skills
  • Ability to work independently and as part of a team.
  • Ability to communicate security information to non-technical people
  • Demonstrates comprehension of good security practice
  • Knowledge of risk assessment tools, technologies and methods
Apply now Apply later
Job stats:  5  1  0

Tags: Active Directory Analytics Antivirus APIs AWS Azure Cloud Compliance Computer Science Cyber Kill Chain DNS EDR Firewalls GCP IDS Intrusion detection IPS KPIs Malware MITRE ATT&CK PowerShell Python Risk assessment Scripting SIEM SOC TCP/IP Threat detection TTPs

Perks/benefits: Career development

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.