Threat Detection Engineer - Europe Remote

At Cybereason Security Services, we stop attacks. Consequently, we recognize that the digital landscape is ever-evolving and the need for cyber threat detection is crucial to safeguard our clients information and operations. We are currently seeking Threat Detection Engineers to enhance our capabilities in identifying and detecting cyber threats.

Overview As a Threat Detection Engineer you will be instrumental in the creation, testing, tuning and deployment of threat detections, evaluating their security value, analysing and assigning the detection to the MITRE attack framework, and streamlining the delivery of security services across the entire scope of our company. You will be required to communicate complex detection capabilities to both technical teams and non-technical senior executives and customers, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.

Responsibilities

• Create and research new ways to tie event telemetry together in new and valuable ways
• Develop, debug and deploy detections
• Continually find ways to streamline processes and re-use of code
• Parse various types of log events into standardized formats regardless of the availability of vendor documentation
• Find creative ways to correlate events that are otherwise indirect
• Produce detection and process documentation
• Collaborate with Global SOC, IR and product related teams on progress or issues
• Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
• Work to ingest disparate data sources to enrich existing detection set
• Provide mentoring and collaboration with other team members

Key Performance Indicators (KPIs)

• Sense of urgency for high priority deliverables
• Quality and standardization of code
• Impact of contributions to Cybereason Security Services performance in the form of improvements to:
• Detection deployment timelines
• Enrichment and tuning of detections, increasing quality
• Demonstration of creativity and security value
• Adaptability to new processes and technologies

Qualifications

• 4+ years+ of relevant experience in the cybersecurity industry, particularly in the areas of detection engineering, red/blue teaming, cyber threat groups, existing attack methods and their resulting log patterns
• 4+ years + of experience with query syntax and usage, particularly those applying to log files (Splunk, YARA-L, OPAL, SQL, etc) - simple and complex joins and aggregations
• Foundational understanding of computer networking and modern computer architecture/operating systems
• Familiarity with network and security control products (firewalls, auth systems, MFA, cloud) and vendor and industry standard event logging formats (syslog, CEF, etc)
• Working knowledge MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain frameworks
• Background and experience in at least 3 of 6 areas is required:
• Cyber Threat Intelligence - OSINT, Dark Web, or research
• Digital Forensics & Incident Response (DFIR)
• Detection Engineering (in support of EDR/XDR/MDR platforms)
• SOC operations and analysis
• Malware analysis & reverse engineering
• Penetration Testing and/or Red Team
• Demonstrable problem-solving and analytical thinking capabilities
• Attention to detail
• Ability to manage competing priorities and work efficiently under pressure
• Experience with a query language
• Preference for candidates with Terraform experience
• Preference for candidates with Observe OPAL experience
• Preference for candidates with experience interfacing with external customers
• Motivated to constantly improve processes and methodologies
• Self-starting and capable of leading and completing assignments without supervision
• Excellent interpersonal, verbal & written communication skills
• Ability to work both independently as well as on a team. Comfortable working in remote work environments with a globally distributed team in multiple countries
• Ability to mentor others; proactively collaborates and shares knowledge 

More About Cybereason:

Our culture and how we operate reflects in our shared values. Our #Defenders are individuals with diverse skill sets and backgrounds who are driven to innovate and scale with our growing organization. We are a team that strives to learn from each other, solve challenging problems, and work collaboratively toward our goal of reversing the adversary advantage.

Core Values:

• Win As One: The power of an individual is less than the power of a team.
• Ever Evolving: Change keeps us at the forefront, so we encourage it.
• Daring: To achieve the impossible, we must dare to be different.
• Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
• Never Give Up: We are tenacious and resilient, and we never stop.
• UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.

If these values resonate with you and our vision excites you, join us today and help us end cyber attacks from the endpoint to everywhere! #Defenders

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Cybereason we are dedicated to building a diverse, inclusive, and authentic workplace (#uBu), so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.