Threat Detection Engineer
India
Forescout Technologies Inc.
- Develop rule-based detection algorithms in Python.
- Work with the detections engineering team to transform attacker TTPs into viable, low false-positive behavioral and signature detections using Python programming.
- Set up testing environments and conduct data analytics, data cleansing, and testing.
- Continuously evaluate security monitoring contents on XDR platform.
- Identify gaps in existing security capabilities.
- Work with SOC team to automate the detection of new threats.
- Create use-case documents for detected threats.
- Work with the development teams to design and support our security platform and services.
- Work with the global threat detection and analytics engineering team, creating detection models in XDR.
- Perform exploratory data analysis on the processed dataset using Google Cloud Platform data analytics tools.
- Collaborate with development, operations and field engineering teams to enable successful threat detection in XDR.
- At least 3 years of recent hands-on professional experience working as a threat detection engineer or threat researcher.
- Knowledge and insight into various cyber-attack lifecycle models.
- Python programming/scripting experience preferred.
- In-depth knowledge of security logging for Linux, Windows, Mac OS X, or Active Directory.
- Experience with web services and cloud technologies, including Google Cloud Platform (GCP), AWS and Azure.
- Experience in Elasticsearch, Kibana, and GCP is preferred.
- Proficiency in building detection algorithms and utilizing logs and events to detect malicious activity with high fidelity from a broad set of detection use cases.
- Proficiency in, and knowledge of, TTPs related to a threat actor or APT group.
- Expertise in tools and techniques for analysing large datasets.
- Work with the SOC team and customer to transform attacker TTPs into viable, low false-positive behavioural and signature detections using Python programming.
- Strong analytical skills with the ability to collect, organize, analyze, and disseminate large amounts of information with attention to detail and accuracy.
- Strong skills working with remote teams in different time zones.
- Development experience on cloud services - AWS, Google, Azure.
- Experience with Git, Confluence and Jira.
- Experience with the Elasticsearch/Splunk stack.
- Experience in cybersecurity applications development or with cybersecurity in general.
- One Team – We all work together, and we all win together.
- Cyber Obsessed – We are curious about technology, innovative and passionate about solving problems.
- Customer Driven – We listen, we learn, and we make it right.
- Relentless – We're smart, determined, and find a way. We figure stuff out.
- Collaborative, without Ego – No one succeeds alone. We strive to be the humble person that people want to work with.
If this opportunity intrigues you, we would love for you to apply!

NOTE TO EMPLOYMENT AGENCIES: We value the partnerships we have built with our preferred vendors. Forescout does not accept unsolicited resumes from employment agencies. All resumes submitted by employment agencies directly to any Forescout employee or hiring manager in any form without a signed Employment Placement Agreement on file and search engagement for that position will be deemed unsolicited in nature. No fee will be paid in the event. #LI-VS1
Perks/benefits: Career development Competitive pay Equity / stock options Team events