Detection Engineer

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients.  We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Job:Cyderes is looking for a dedicated, creative, and experienced Detection Engineer to join our managed services Engineering team. We are looking for someone who can apply their SIEM analysis, rule building, administration and scripting experience to support and maintain detection content for customer SIEMs. This position will work with teams internally and clients externally to develop threat-informed detection rules, assist in requirements gathering for iterative rule deployment improvements, provide support, represent detection capabilities for SIEMs to internal teams and clients, improve and document team standard operating procedures, use data to generate actionable insights for team and leadership, and perform ongoing enhancements. Candidate should be able to handle high priority demands while driving consistent results and have a passion for delivering valuable data insights to clients. Candidate should also bring the right attitude to the team including accountability, ownership, and positivity. We embrace a fast-paced work environment and are looking for like-minded individuals that have a passion for continual improvement, new ideas, tinkering with new projects, and creating solutions to complex problems.

Responsibilities:

• Design and work with partners to collect detection data and assist in generating meaningful insights
• Provide production support for multiple SIEM technologies (Chronicle, CrowdStrike NextGen SIEM)
• Assist in the creation of business requirements for iteratively improving detection engineering workflows, processes and procedures
• Analyze data on detection rule performance to provide feedback and identify tuning opportunities
• Attend client calls when required to discuss detection rule requirements and capabilities
• Provide production support and solve complex business-vertical specific issues
• Advocate for efficient and appropriate detection rules for our clients
• Involved in all agile meetings providing feedback to team and project managers
• Work cross-functionally with other members and teams within the entire Cyderes organization on a professional level

Requirements:

• Prior experience in one or more SIEM (Splunk, Chronicle, Sentinel, QRadar, LogRythm, etc) platforms’ administration including developing and implementing detection rules and or saved searches using YaraL, KQL, SPL, AQL or other detection language
• Prior experience interacting with or administering common security technologies (SIEM, EDR, Phishing, IDS/IPS, Firewall, etc)
• Prior experience analyzing data in common log formats (JSON, YAML, XML, CEF, CSV, etc.)
• Understands the basics of data/log analysis and the relationships between data sets
• Understands the basics of extracting, transforming, and loading data
• Understands the basic use of ITSM tools (Jira, ServiceNow, etc)
• Understands basic security threats (Insider, APT, Malware, Emerging Threats, etc)
• Understands basic open-source intelligence gathering (IOCs, Threat Actors, etc)
• Understands basic pattern matching (regular expressions)
• Understands the basics of security operations
• Strong written and oral communication skills, must be able to explain data and how detection rules use that data to an audience with a variety of technical skills
• Splunk or other SIEM certification is a plus
• Knowledge of Python, or other scripting languages is a plus
• Knowledge of SQL is a plus
• Knowledge of CI/CD is a plus
• Knowledge of various DBMS platforms (Spanner, BigQuery, MySQL) is a plus
• Knowledge of interacting with APIs (Postman, Insomnia, curl, etc) is a plus
• Knowledge of GCP environments is a plus

Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.