Threat Detection Engineer Senior with Sentinel Focus

Proficio is an award-winning managed detection and response (MDR) services provider. We provide 24/7 security monitoring, investigation, alerting and response services to organizations in healthcare, financial services, manufacturing, retail and other industries. Take a video tour of our global network of 24/7 Security Operations Centers (SOCs).

Proficio has been highlighted in Gartner’s Market Guide for Managed Detection and Response Services for the last five consecutive years. MSSP Alert ranks Proficio among the top 250 global Managed Security Services Providers (MSSPs).

We have a track record of innovation. Proficio invented the concept of SOC-as-a-Service. We were the first MSSP to provide automated response services and are the only company in our space with a patent for cyber risk scoring and security posture gap analysis.

Our typical client is a medium to large-sized organization that lacks the in-house resources to address the challenges of a rapidly changing threat landscape. The difficulty of hiring and retaining cybersecurity professionals are widely understood. Our prospective clients are also challenged to effectively harness technology and build hardened processes that reduce the risk of security breaches.

While Proficio has developed a unified service delivery platform designed to meet the needs of the most demanding clients, what sets us apart is the quality and passion of our people. We believe the SOC of the Future will meld the creativity of human intelligence with the power of advanced technologies like AI.

Proficio’s commitment to developing and promoting our team members is unparalleled in our industry. Most of our senior managers were promoted from within.

Job Description

This role is a pivotal part of creating a world class Security Operations Center. At Proficio we strive to create a service that can quickly and effectively inform our clients of a threat against their environment. Individuals in this role will be part of a team that creates the content that makes those detections.

The successful candidate has experience in security content development. They can analyze log sources from a variety of sources and services to identify the appropriate data models for detecting potential threats. This candidate can quickly and accurately interpret use cases to produce a variety of different detections. They enjoy working alongside their technical and non-technical teammates.

This candidate is an effective and proactive communicator, who will concern themselves with implemented the best solution for our customers. Proficio is a team that strives for quality over quantity. Candidates are drawn to complex and ambiguous problems and are skilled at extracting those into simple and actionable solutions for customers. This candidate is a team player who embodies Proficio’s principles and values, with an emphasis on driving results, automation, quality, and consistency.

Key Responsibilities

• Implement and maintain detection capabilities in Microsoft’s Sentinel SIEM/SOAR including creating, updating, and maintaining the GitHub / Azure DevOps Content Repository
• Creation of Workbooks, Repositories, Analytics, and Logic Apps (Playbooks)
• Proven ability to create a custom Analytic for unique customer needs
• Additional ability to implement and maintain detection capabilities across multiple technologies including but not limited to Splunk, Elastic/Kibana, Logstash, FortiSOAR, ArcSight, Carbon Black, and CrowdStrike
• Implement reporting that provides a point in time data relevant to compliance and security events
• Implement dashboards to create data analysis for environmental trends in security and health
• Designing detection blueprints that will produce high-fidelity alerting for security threats and compliance-based risks
• Coordinate with internal and external teams to improve the accuracy of detection capabilities and implement best practice mitigations and automated response capabilities
• Understand and apply information security knowledge to detection capabilities to remove gaps in visibility and monitor for security events, compliance events, and health and maintenance events of interest.
• Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST
• Research and innovate new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research
• Document processes and create executive level KPI’s for both internal and external use
• Normalize events to Proficio’s different data models and maintain it alongside best industry practices and standards
• Working with other less senior members of the team for quality assurance
• Other duties may be assigned as needed

Requirements

• Bachelor's degree in a related field and/or 6+ years demonstrated experience and knowledge
• 2 Years’ experience writing Sentinel Analytics in KQL, creation/maintenance of GitHub / Azure DevOps Content Repository, and creation of Sentinel Playbooks and Automation
• Understanding of cyber security and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and security incident response.
• Understanding of common enterprise technology purposes and logging capabilities including Firewalls, Active Directory, Antivirus/EDR, IDS/IPS, Proxies, and Azure Cloud
• Additional experience with log aggregation or correlation technologies such as Splunk, Elastic, Carbon Black, or CrowdStrike.
• Understanding of automation platforms (SOAR tools)
• Experience working in Linux (Ubuntu, CentOS, or Debian)
• Additional programming experience (in addition to KQL) in product such as JSON, YAML, ARM, and Python
• Understanding of security detection frameworks such as MITRE ATT&CK, Cyber Kill Chain, and NIST
• Regular expression, scripting, and programming experience are not required, but highly desirable
• Positive and Influential Attitude, Energy, and Effort
• Adaptability, Accountability, Helpfulness, and Focus
• Ability to communicate across multiple diverse teams in both focus, skillset, and geo-location
• Ability to clearly articulate to different stakeholders that work within a technical and non-technical area including Executive level documentation
• Microsoft SC-900 certification highly desired
• Certifications such as Security+, CySA+, CCNA, EC-CSOC, SECO-ITSE or BTL
• Other technology specific certifications such as SC-200, AZ-500, CISSP, or PenTest+ are desirable

Benefits

• Opportunity to work in a progressive organization with structured training and roadmap for success

• ProLunch, Game Room, onsite Gym, and fun employee activities!
• Health, Dental and Vision plans available first of the month and other benefits available from day 1
• 401K plan
• Gym reimbursement
• Employee Assistance Program
• Life and Voluntary Life Insurance programs
• Experience in one of the hottest IT industries today

Proficio is an EOE employer.