Senior Reseracher - Automated Detection

ABOUT THE ROLE 

The Detection Automation team is responsible for a detection automation pipeline to translate detection candidates from Threat Intelligence, Security, and Detection researchers into detection artifacts that ensure a timely release to our Security Services teams. As a detection researcher on our Detection Automation team, you will be responsible for researching & authoring detections in an automated flow, identifying opportunities to improve the automated detection flows, and enabling detection researchers from across the organization to author automated detections. The detection automation team ensures quality and scale of our automated detection base and presents actionable detections to our Security Services teams and customers. 

AS A SENIOR DETECTION RESEARCHER AT ARCTIC WOLF, YOU WILL: 

• Provide mentorship and technical leadership to the team. 

• Develop and maintain SQL, Python and YAML-based detections-as-code 

• Research and develop expertise in the various threat surfaces and telemetry available for them 

• Propose coverage and efficacy improvements to the detection surface 

• Work with team members to develop novel detections and continuously tune existing ones 

• Build runbooks, reports and supporting material for detection surfaces 

• Collaborating with cross-functional teams to gather requirements and implement detections. 

• Write clean, efficient, and reusable code in Python, Go, or Scala. 

• Conduct code reviews and provide constructive feedback to ensure code quality and maintainability. 

• Debug and fix issues in existing Python codebases. 

• Optimize application and query performance to ensure scalability. 

• Participate in the full software development life cycle, building well-designed, testable, efficient, secure code. 

• Understand the product and how Security Services delivers the service. 

• Develop professional expertise, apply company policies and procedures to resolve a variety of issues. Determine a course of action based on guidelines, and modify processes and methods as required. 

• Continuously learn and adopt best practices for detections-as-code, code quality, software development methodologies, and programming principles to enhance coding skills and stay updated with industry advancements. 

ABOUT YOU 

You’re a talented detection developer who loves building things and cares deeply about code quality and reliability while optimizing performance. You enjoy coordinating with distributed cross-functional teams. You are constantly adapting to emerging technologies, trends, and best practices. You will build productive internal/external working relationships to resolve mutual problems by collaborating on procedures or transactions, with a focus on providing standard professional advice and creating initial reports/analyses for review by experienced team professionals. 

Here are some of the core technologies we use and teach across our detections teams: 

• Python 

• SQL 

• Sigma 

• Suricata 

• Wazuh 

• Kibana 

• Git 

You are not required to be an expert in any of these, but you should be excited by the opportunity to learn new things and comfortable with coming up to speed quickly. Any experience with detection development or full-stack development frameworks and practices is relevant and transferrable.  

WE’RE LOOKING FOR SOMEONE WITH: 

• 5 or more years of professional experience as a Detection Developer 

• Experience consists of projects contributing in either Python or YAML 

• OS Specific Telemetry (Windows Security/Sysmon logs, Linux) 

• Expertise in Windows PowerShell Monitoring 

• Understanding of the authoring lifecycle of SIEM Detections and Detection artifacts 

• EDR detections/signatures 

• Sigma and Yara Rules 

• Streaming and batch-based detections 

• Threat hunting & detection research 

• Development of anomaly and behavioral based detections 

• Demonstrated experience authoring and enabling Detections-as-Code 

• Experience tuning and optimization of detections for all the above 

• Professional certifications in Security and/or Cloud are required (i.e. CISSP, GNFA, GCFA, GCFE, GREM). 

• Experience consists of leading a team of 3 or more Detection Developers while contributing code independently 

• Experience leading Agile development teams, preferably with formal Agile training 

• Nice to have: A clear history of technical influence (public conference talks, papers, etc) 

• Nice to have: A clear history of learning and skills development. Regularly helps detection developers develop their skills in a variety of ways. 

• Nice to have: B.Sc. in Computer Science 

About Arctic Wolf

At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)—and the 2nd Most Innovative Security Company. We have won countless awards for our excellence in security operations and remain dedicated to providing an industry-leading customer and employee experience including:

• Top Workday USA (2021-2024)
• Great Place to Work (2022-2024) & Best Workplaces for Women (2024) in Canada
• Best Workplaces in Tech & For Women in the UK (2023)
• Top Company by Kununu in Germany (2024)

Our Values

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good. 

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.  

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.

Security Requirements

• Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
• Background checks are required for this position.