Threat Detection Architect (US Remote)
Austin, TX
Anomali
Anomali is a security operations platform harnessing the power of AI to deliver breakthrough threat detection, visibility and cyber exposure management.

Job Description:

Anomali is looking for a skilled threat hunter, analyst, and detection engineer/architect to join our SOC. Previous experience as a T3 SOC analyst, threat hunter, and advanced SIEM detection engineer is preferred. This individual will be responsible for proactively detecting, isolating, and mitigating threats, while building new threat hunts and detections around system- and business-process-specific adversary threat models. This individual will work closely with our Advanced Threat Research (ATR) team, Cyber Fusion Content Development team, and Security Operations Team to leverage Anomali's core capabilities along with other industry-leading cybersecurity products to build and implement novel threat detection and hunting capabilities. You will also leverage Anomali's AI Copilot and provide direct input into Anomali Language Learning Models (LLMs) for building content related to threat hunting, incident response, adversary threat models, and detection methodology.

Key Responsibilities:
- Proactively build SOC detections to investigate, detect, isolate and mitigate endpoint-, identity-, network-, cloud-, email-, and data-based threats across enterprise systems and data stores
- Develop a periodic, triggered, and continuous threat hunting strategy
- Use a threat-model-based approach to develop detections and threat hunts
- Develop templated and repeatable processes for automated and manual security incident triage, response, and mitigation using Anomali's market-leading Security Operations Platform
- Build Anomali Query Language (AQL) SIEM detections using a combination of currently existing detections (e.g. Sigma rules), newly developed detections, and UEBA analytics algorithms to streamline detection and response
- Properly orchestrate and configure existing tools and enterprise systems to generate detections for malicious behavior, insider threat, and LOL processes and procedures
- Map detections and threat hunts to MITRE ATT&CK methodology as needed
- Utilize Attack Flow and IOAs to build incident detection blueprints and response playbooks
- Build data dashboards to provide insights, analytics, and holistic understanding of SOC operations, including the reduction in mean time to respond (MTTR)
- Build a security tools and data exploitation and optimization model and methodology that measures return on security investment and SOC operations effectiveness
- Serve as an expert advisor on SOC analyst incident response, detection engineering, and threat hunting to internal product teams, content-development teams, and customers
- Provide direct input into AI language learning models and capabilities
- Manage and mentor SOC analysts and threat hunters in the creation of automations, triage of detections, and execution of computer incident response processes
Qualifications

Required Skills/Experience:
- Minimum 5+ years of work experience as an advanced T3 SOC analyst, threat hunter, incident responder, or detection engineer
- In-depth technical knowledge concerning processes, procedures, and methodologies regarding preparedness, resilience, incident response, detection engineering, and threat hunting
- Technical knowledge on detection and alert orchestration across numerous security systems including but not limited to EDR, NDR, Firewalls, DNS, DHCP, IAM, IDaaS, ESG, SWG, SSE, DLP, VPN, CASB, Cloud Environments (e.g. AWS, GCP, Azure), and SaaS applications
- Technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication and authorization, applied cryptography, network architecture, security vulnerabilities, and remediation strategies
- Tactical knowledge of how to apply cyber threat intelligence (CTI) in SOC processes, procedures, and systems to prioritize and speed detection and response
- In-depth technical knowledge of Attack Flow, IoA/TTP-based and IoC-based threat hunting, log sources, SIEM investigations, Windows/Linux operating system event logs, and threat actor tactics, techniques, and procedures
- Experience using Sigma and YARA rules to perform threat hunts across live processes, databases, and systems
- Understanding of SaaS development environments including cloud data centers, CI/CD pipelines, web application development, OWASP, vulnerability scanning (DAST, SAST, RASP), system development life cycle (SDLC), web application monitoring, web application security (e.g. WAFs, log monitoring), web services, service-oriented architectures, remote access technologies (ZTNA, VDI, JIT)
Desired Skills/Experience:
- Experience conducting purple teaming, pentesting, sandbox testing, or development of honeypots/tokens for threat and vulnerability detection
- BS or MS in technical field, including but not limited to Computer Science, Engineering, Cybersecurity, Information Systems

Equal Opportunities Monitoring

It is our policy to ensure that all eligible persons have equal opportunity for employment and advancement on the basis of their ability, qualifications and aptitude. We select those suitable for appointment solely on the basis of merit without regard to an individual's disability, race, color, religion, sex, sexual orientation, gender identity, national origin, age, or status as a protected veteran. Monitoring is carried out to ensure that our equal opportunity policy is effectively implemented.
If you are interested in applying for employment with Anomali and need special assistance or accommodation to apply for a posted position, contact our Recruiting team at recruiting@anomali.com.
Perks/benefits: Career development