US Threat Led Defense Detection (USTLD) Engineer Tech Lead - USDS
New York, New York, United States
About the Team
This role role reports to the Threat Led Defense (USTLD) team lead. USTLD's mission is to ensure that the Threat Detection and Response organization can detect and mitigate the most critical threats to our user data, employees, and operations. As a detection engineer, you will onboard, write, and tune detection logic for a variety of network, endpoint, and cloud security use cases.
You would be a great match if:
- You are a self-starter who is comfortable operating in a fast-paced environment
- You'd like to work with a variety of cross-functional teams on a diverse set of use cases
- You are looking for a high-impact individual contributor role within a growing team
- You enjoy tackling complex or novel challenges.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Tasks and Responsibilities:
- Work with intelligence and engineering teams to assess threat actor tradecraft and develop appropriate countermeasures
- Onboard and tune out-of-the-box detection logic from commercial and internally developed products
- Analyze threat actor TTPs using MITRE ATT&CK and assess detection coverage using MITRE DeTT&CT
- Develop custom rules to address gaps in detection coverage
- Work with logging teams to onboard new log sources to our SIEM
- Contribute to threat hunt operations and purple team exercises
- Build and maintain a threat detection library
- Develop enrichment pipelines and automation to enhance the fidelity of threat detections
This role role reports to the Threat Led Defense (USTLD) team lead. USTLD's mission is to ensure that the Threat Detection and Response organization can detect and mitigate the most critical threats to our user data, employees, and operations. As a detection engineer, you will onboard, write, and tune detection logic for a variety of network, endpoint, and cloud security use cases.
You would be a great match if:
- You are a self-starter who is comfortable operating in a fast-paced environment
- You'd like to work with a variety of cross-functional teams on a diverse set of use cases
- You are looking for a high-impact individual contributor role within a growing team
- You enjoy tackling complex or novel challenges.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Tasks and Responsibilities:
- Work with intelligence and engineering teams to assess threat actor tradecraft and develop appropriate countermeasures
- Onboard and tune out-of-the-box detection logic from commercial and internally developed products
- Analyze threat actor TTPs using MITRE ATT&CK and assess detection coverage using MITRE DeTT&CT
- Develop custom rules to address gaps in detection coverage
- Work with logging teams to onboard new log sources to our SIEM
- Contribute to threat hunt operations and purple team exercises
- Build and maintain a threat detection library
- Develop enrichment pipelines and automation to enhance the fidelity of threat detections
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Tags: Automation Cloud MITRE ATT&CK SIEM Threat detection TTPs
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Specialist jobsInformation System Security Officer jobsSenior Security Analyst jobsSenior Cloud Security Engineer jobsSenior Cybersecurity Engineer jobsSystems Administrator jobsSystems Engineer jobsInformation Security Manager jobsSenior Information Security Analyst jobsSenior Network Security Engineer jobsCyber Security Specialist jobsIT Security Engineer jobsIT Security Analyst jobsChief Information Security Officer jobsSecurity Specialist jobsSecurity Consultant jobsInformation System Security Officer (ISSO) jobsInformation Systems Security Engineer jobsSenior Cyber Security Engineer jobsCyber Threat Intelligence Analyst jobsSenior Product Security Engineer jobsSenior Information Security Engineer jobsCyber Security Architect jobsThreat Intelligence Analyst jobsSenior Software Engineer jobs
Java jobsEncryption jobsBash jobsTS/SCI jobsEDR jobsIDS jobsThreat detection jobsSQL jobsIPS jobsSplunk jobsMalware jobsTerraform jobsSDLC jobsTop Secret jobsSOC 2 jobsFinance jobsForensics jobsDocker jobsRMF jobsIntrusion detection jobsCompTIA jobsActive Directory jobsGIAC jobsITIL jobsOWASP jobs
VPN jobsData Analytics jobsDoDD 8570 jobsHIPAA jobsOSCP jobsAnsible jobsIT infrastructure jobsTCP/IP jobsCRISC jobsSAP jobsUNIX jobsCCSP jobsBanking jobsSANS jobsSOAR jobsClearance Required jobsMITRE ATT&CK jobsSOX jobsJavaScript jobsMachine Learning jobsSecurity strategy jobsZero Trust jobsDNS jobsJira jobsNIST 800-53 jobs