Threat Detection Analyst
Remote
DeepSeas
Nearly 1,000 organizations trust DeepSeas to transform their cybersecurity program with 24x7 detection and response, pen testing, and vCISO services.
Threat Detection Analyst
With 30 years of experience in cyber defense, DeepSeas is trusted by nearly 1,000 clients around the world, including Fortune 100 enterprises and mid-market organizations, higher education institutions, municipality and local governments, and federal agencies. Known for its programmatic approach to continuously transforming cyber defense programs, DeepSeas is recognized by Gartner as a top 40 provider of MDR and ranked as a top 5 MDR leader in the 2024 Frost Radar™: Global Managed Detection and Response (MDR) Market. In addition to its industry-leading MDR service, DeepSeas offers a full suite of advisory, compliance, and testing services to support clients on their cybersecurity transformation journeys, with an approach to cyber defense that prioritizes technical expertise, tradecraft, and continuous innovation to deliver unparalleled results.
Position Overview
The analyst is responsible for performing engineering changes that facilitate the collection, enrichment, and transformation of information that supports IR investigations, threat hunts, and detection analytics specific to various threat use cases. The analyst is responsible for creating and maintaining relevant threat detection content. The analyst must demonstrate strong communication skills and integrate with a broader team of cyber operations professionals functions, such as Cyber Threat intelligence, incident response, Reporting, Compliance, Insider Threat and Data Protection, to ensure alignment with the client’s goals and objectives.
• 2. Communicate and coordinate with internal and external stakeholders.
• 3. Identity, develop, document, and deploy threat detection platforms that meet multiple stakeholder requirements.
• 4. Collaborate with threat intelligence and vulnerability management teams to stay updated on emerging threats and vulnerabilities.
• 5. Tune detection rules to enhance threat detection capabilities according to threat intelligence reports, purple team testing, PEN testing, and IR feedback.
• 6. Knowledge and operational experience using MITRE ATT&CK to map use cases across the initial points of exposure, alert mapping and incident reporting.
• 7. Drive continuous improvement initiatives within the SOC.
• 8. Test and Verify detection pipeline visibility and analytics across multiple threat actor TTP’s
• 9. Security Automation and Orchestration platform and process support for various teams across the Security Operations Function.
• 10. Collaborate with threat intelligence teams to instrument threat intelligence visibility across the enterprise for high-fidelity TTP’s and indicators related to new threat actor TTPs.
• Strong analytical and problem-solving skills.
• Requires both written and verbal communication skills with both technical and non-technical stakeholders.
• Proficiency in SIEM, EDR, xDR, and NDR tools.
• Hands on experience with using ATT&CK framework tools and pen testing tools to simulate adversarial behaviors (e.g., ransomware, trojans, worms) and translating those behavior's into methodology\technique level detections within detection platforms.
• Experienced with various operating systems
• Knowledge of common enterprise network architectures and cloud architectures.
• Knowledge of interpretive script languages like Python, PowerShell, or Bash to support automation.
• Strong knowledge of multiple analytic techniques on major data analytics platform, (e.g. KQL, SPL, Kibana Query Language, LINQ, etc)
Certifications: GIAC Certified Detection Analyst (GCDA) or equivalent.
· We are client obsessed.
· We stand in solidarity with our teammates.
· We prioritize personal health and well-being.
· We believe in the power of diversity.
· We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
• Understanding and following DeepSeas’s information security policies and procedures.
• Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.
• Actively participating in DeepSeas’s efforts to maintain and improve information
• security.
• DeepSeas considers this position is as Moderate Risk with a potential to
• view/access/download restricted/private client/internal data. This information must be treated with
• sensitivity and in the most secure manner. HR reserves the right to perform random background/drug
• screens to ensure the safety of client/DeepSeas data
Department: Security Operations
Employment Type: Full Time
Location: Remote
Description
Company BackgroundWith 30 years of experience in cyber defense, DeepSeas is trusted by nearly 1,000 clients around the world, including Fortune 100 enterprises and mid-market organizations, higher education institutions, municipality and local governments, and federal agencies. Known for its programmatic approach to continuously transforming cyber defense programs, DeepSeas is recognized by Gartner as a top 40 provider of MDR and ranked as a top 5 MDR leader in the 2024 Frost Radar™: Global Managed Detection and Response (MDR) Market. In addition to its industry-leading MDR service, DeepSeas offers a full suite of advisory, compliance, and testing services to support clients on their cybersecurity transformation journeys, with an approach to cyber defense that prioritizes technical expertise, tradecraft, and continuous innovation to deliver unparalleled results.
Position Overview
The analyst is responsible for performing engineering changes that facilitate the collection, enrichment, and transformation of information that supports IR investigations, threat hunts, and detection analytics specific to various threat use cases. The analyst is responsible for creating and maintaining relevant threat detection content. The analyst must demonstrate strong communication skills and integrate with a broader team of cyber operations professionals functions, such as Cyber Threat intelligence, incident response, Reporting, Compliance, Insider Threat and Data Protection, to ensure alignment with the client’s goals and objectives.
Key Responsibilities
• Proactively develop threat detection engineering activities.• 2. Communicate and coordinate with internal and external stakeholders.
• 3. Identity, develop, document, and deploy threat detection platforms that meet multiple stakeholder requirements.
• 4. Collaborate with threat intelligence and vulnerability management teams to stay updated on emerging threats and vulnerabilities.
• 5. Tune detection rules to enhance threat detection capabilities according to threat intelligence reports, purple team testing, PEN testing, and IR feedback.
• 6. Knowledge and operational experience using MITRE ATT&CK to map use cases across the initial points of exposure, alert mapping and incident reporting.
• 7. Drive continuous improvement initiatives within the SOC.
• 8. Test and Verify detection pipeline visibility and analytics across multiple threat actor TTP’s
• 9. Security Automation and Orchestration platform and process support for various teams across the Security Operations Function.
• 10. Collaborate with threat intelligence teams to instrument threat intelligence visibility across the enterprise for high-fidelity TTP’s and indicators related to new threat actor TTPs.
Skills Knowledge and Expertise
• Strong analytical and problem-solving skills.
• Requires both written and verbal communication skills with both technical and non-technical stakeholders.
• Proficiency in SIEM, EDR, xDR, and NDR tools.
• Hands on experience with using ATT&CK framework tools and pen testing tools to simulate adversarial behaviors (e.g., ransomware, trojans, worms) and translating those behavior's into methodology\technique level detections within detection platforms.
• Experienced with various operating systems
• Knowledge of common enterprise network architectures and cloud architectures.
• Knowledge of interpretive script languages like Python, PowerShell, or Bash to support automation.
• Strong knowledge of multiple analytic techniques on major data analytics platform, (e.g. KQL, SPL, Kibana Query Language, LINQ, etc)
Certifications: GIAC Certified Detection Analyst (GCDA) or equivalent.
Why DeepSeas?
At DeepSeas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t DeepSeas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:· We are client obsessed.
· We stand in solidarity with our teammates.
· We prioritize personal health and well-being.
· We believe in the power of diversity.
· We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
• Understanding and following DeepSeas’s information security policies and procedures.
• Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.
• Actively participating in DeepSeas’s efforts to maintain and improve information
• security.
• DeepSeas considers this position is as Moderate Risk with a potential to
• view/access/download restricted/private client/internal data. This information must be treated with
• sensitivity and in the most secure manner. HR reserves the right to perform random background/drug
• screens to ensure the safety of client/DeepSeas data
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
10
2
0
Categories:
Analyst Jobs
Threat Intel Jobs
Tags: Analytics Automation Bash Cloud Compliance Cyber defense Data Analytics EDR GIAC Incident response MITRE ATT&CK Pentesting PowerShell Python SIEM SOC Threat detection Threat intelligence TTPs Vulnerabilities Vulnerability management XDR
Perks/benefits: Career development Startup environment
Region:
Remote/Anywhere
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information System Security Officer jobsInformation Systems Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsSenior Network Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Specialist jobsSecurity Consultant jobsSecurity Specialist jobsSenior Information Security Analyst jobsSenior Penetration Tester jobsIT Security Engineer jobsSenior Cyber Security Engineer jobsCyber Security Specialist jobsChief Information Security Officer jobsPrincipal Security Engineer jobsIT Security Analyst jobsInformation System Security Officer (ISSO) jobsStaff Security Engineer jobsCloud Security Architect jobsCyber Security Architect jobsSecurity Operations Analyst jobsSystems Administrator jobsThreat Intelligence Analyst jobsSenior Information Security Engineer jobs
GDPR jobsSaaS jobsEncryption jobsForensics jobsTop Secret jobsEDR jobsSDLC jobsMalware jobsRMF jobsSplunk jobsSQL jobsIDS jobsBash jobsIPS jobsIntrusion detection jobsCompTIA jobsDocker jobsDoDD 8570 jobsITIL jobsFinance jobsThreat detection jobsTerraform jobsOWASP jobsCRISC jobsTCP/IP jobs
Active Directory jobsVPN jobsGIAC jobsClearance Required jobsUNIX jobsIT infrastructure jobsBanking jobsAnsible jobsSANS jobsJira jobsJavaScript jobsHIPAA jobsDNS jobsOSCP jobsPolygraph jobsMITRE ATT&CK jobsSOX jobsData Analytics jobsMachine Learning jobsGCIH jobsSOAR jobsSOC 2 jobsCCSP jobsCISO jobsSecurity strategy jobs