Content Development Engineer- Threat Detection & Response
Remote, United States
Graylog, Inc.
Optimize operations with cutting-edge SIEM, detailed log management, and robust API security solutions.
Graylog: Empowering Threat Detection, Investigation, & Response Solutions with Cutting-Edge Technology
Graylog specializes in delivering top-notch Threat Detection, Investigation, & Response (TDIR) solutions, backed by our latest addition, the Graylog API security platform. As a renowned centralized log management (CLM) and Security Information and Event Management (SIEM) provider, we offer unparalleled fast and efficient log analysis capabilities in critical areas such as security, compliance, operations, and DevOps. Our enterprise solution enables organizations globally to capture, store, and analyze terabytes of machine data in near-real time, while our open-source product has been deployed in more than 50,000 installations worldwide, empowering individuals and small teams to perform basic log consolidation, analysis, and search functions at no cost.
We're a remote-friendly company with locations in Hamburg, Munich, London, Boulder, and headquarters in Houston, TX. If you live near an office and want to be part of it, great. Near enough to an office to hot desk? No problem. And if you're not near an office and wish to work remotely, all good!
Recent achievements for Graylog include inclusion in the 2021 Deloitte Technology Fast 500™; we took home two of the most prestigious cybersecurity awards, in SIEM and DevSecOps, from Cyber Defence Magazine at RSA in 2023; and 2024 has seen us take home gold as the Globee Winner for Security Information & Event Management and the 2024 Globee Winner for Threat Hunting, Detection, Intelligence, and Response.
Graylog has recently been named a “Leader” and “Fast Mover” in GigaOM’s 2024 Radar Report for SIEM.
Who we’re looking for; Graylog is currently recruiting for a threat detection and response specialist to join our security content team. Our security content team makes our customers’ lives easier and safer by building and maintaining a rich library of content we call Illuminate. Illuminate starts with data processing modules for the parsing, normalization, categorization, and enrichment of log data. Once the data is processed, Illuminate’s dashboards and pre-defined searches give customers visibility into their data. Finally, Illuminate includes a curated selection of alerts coupled with suggested investigation and remediation steps to help our customers detect and respond to relevant threats. As the Content Development Engineer for Detection and Response, you will help grow and refine our collection of curated alerts and response plans. You’ll work closely with your immediate team and our product team to identify and prioritize the threats to be addressed. With support from the team and external partners, you’ll build, test, and deliver the detection and response plans that will help our customers keep their systems safe. To be successful in this role, you will be self-motivated, with a passion for learning and for keeping up to date on security trends and attack vectors. You will also need a working knowledge of basic programming, familiarity with log formats and networking, and clear and concise writing and communication skills. This position can be based anywhere in the US and will report to our Engineering Manager in the US.
Our values;
Openness- As a global company, we encourage our people to bring their backgrounds, ideas, and perspectives to our collective work. We lead with integrity and are committed to doing what is best for the Graylog community.
Collaboration- Through mutual respect, trust, and candid communication across all teams, we deliver the best ideas and results.
Useful Innovation- We take calculated risks to find new ways to innovate. By continuously improving ourselves, processes, and technologies, we deliver the best solution for our customers.
Ownership- As owners, we take the initiative to solve internal and external problems while supporting peer success and holding ourselves accountable for delivering the best work. We do this from a place of high trust.
Do the Right Thing!- Comfort and safety come from knowing that everyone will do the right thing, even when nobody's looking.
For further information please submit an application and a member of the Graylog People Team will be in touch.
Additional responsibilities will include but are not limited to;
- Contribute to the expansion and maintenance of the library of Illuminate content.
- Test, review, and provide feedback on the work of your teammates.
- Keep abreast of security trends, vulnerabilities, and attack vectors.
- Support our Customer Support team when customers have issues with Illuminate.
- Monitor customer requests for new content ideas and adjustments to existing content.
- Independently research, build, and deliver security content (detection & remediation steps) that improves customers' security posture.
- Provide peer-to-peer reviews of other team members' work.
- Travel to team and company events as and when required.
A little bit about you;
- Thorough information security background including writing and tuning security alerts.
- Recent SOC (or similar threat detection and response) experience is preferred.
- Familiarity with Sigma Rules.
- Hands-on experience with SIEM and/or log aggregation tools such as Graylog, Splunk, QRadar, etc.
- Good working knowledge of virtualization technologies.
- Knowledge of programming logic, regex, grok, GitHub.
- Familiar with Linux & Windows system administration.
- Thorough documentation and writing skills with a keen eye and attention to detail.
- Previous Graylog experience would be a distinct advantage.
Just some of the reasons to join Graylog;
- Opportunity to work with a globally distributed and diverse team.
- Grow and develop professionally and personally in a fast-growing environment.
- Choice of latest equipment to help you succeed.
- Monthly allowance to support your commute costs and outfitting your work-from-home environment.
- Equity. We have a stake in you, you should have a stake in us.