Detection Engineer

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients.  We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Job: Cyderes is looking for a dedicated, creative, and experienced Detection Engineer to join our managed services Engineering team. We are looking for someone who can apply their SIEM analysis, rule building, administration and scripting experience to support and maintain detection content for customer SIEMs. This position will work with teams internally and clients externally to develop threat-informed detection rules, assist in requirements gathering for iterative rule deployment improvements, provide support, represent detection capabilities for SIEMs to internal teams and clients, improve and document team standard operating procedures, use data to generate actionable insights for team and leadership, and perform ongoing enhancements. Candidate should be able to handle high priority demands while driving consistent results and have a passion for delivering valuable data insights to clients

Responsibilities:

• Design and work with partners to collect detection data and assist in generating meaningful insights
• Provide production support for multiple SIEM technologies (Splunk, Chronicle, Sentinel, QRadar, LogRythm, etc)
• Assist in the creation of business requirements for iteratively improving detection engineering workflows, processes and procedures
• Analyze data on detection rule performance to provide feedback and identify tuning opportunities
• Attend client calls when required to discuss detection rule requirements and capabilities
• Provide production support and solve complex business-vertical specific issues
• Advocate for efficient and appropriate detection rules for our clients
• Involved in all agile meetings providing feedback to team and project managers
• Work cross-functionally with other members and teams within the entire Cyderes organization on a professional level

Requirements:

• Prior experience in one or more SIEM (Splunk, Chronicle, Sentinel, QRadar, LogRythm, etc) platforms’ administration including developing and implementing detection rules and or saved searches
• Prior experience interacting with or administering common security technologies (SIEM, EDR, Phishing, IDS/IPS, Firewall, etc)
• Prior experience with pattern matching (regular expressions)
• Prior experience in security operations (analyzing/triaging alerts, etc)
• Prior experience using ITSM tools (Jira, ServiceNow, etc)
• Proficiency analyzing data in common log formats (JSON, YAML, XML, CEF, CSV, etc.)
• Proficiency in detection rule languages (YaraL, KQL, SPL, AQL, etc)
• Proficiency in data/log analysis and the relationships between data sets
• Understands the basics of SQL (joins, aggregation functions)
• Understands the basics of CI/CD (Github, Github actions)
• Understands the basics of extracting, transforming, and loading data
• Understand the basic functionality of various DBMS platforms (Spanner, BigQuery, MySQL)
• Understands basic use of APIs (Postman, Insomnia, curl, etc)
• Understands basic security threats (Insider, APT, Malware, Emerging Threats, etc)
• Understands basic open-source intelligence gathering (IOCs, Threat Actors, etc)
• Strong written and oral communication skills, must be able to explain data and how detection rules use that data to an audience with a variety of technical skills
• Splunk or other SIEM certification is a plus
• Knowledge of Python, or other scripting languages is a plus
• Knowledge of GCP environments is a plus

Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.