Principal Detection Engineer
Remote - USA
Applications have closed
Dragos, Inc.
Dragos secures industrial assets across vertical industries. Learn more about how we protect critical industries to reinforce ICS/OT cybersecurity around the world.
Backed by the industry’s largest and most experienced team of industrial control systems (ICS) cybersecurity practitioners, Dragos Cyber Threat Intelligence provides in-depth visibility of threats targeting industrial environments globally and the tried-and-true defensive recommendations to combat them. As the Dragos Cyber Threat Intelligence team identifies emerging threats to ICS environments, it is the responsibility of the Intel Detection team to study the threat behaviors and create atomic, component and composite detections for our software technology: The Dragos Platform. We are seeking a Principal Detection Engineer to join our team. This role supports the creation of ICS-focused threat behavior-based detections which are performant and provide coverage for a wide range of ICS technologies through our collaboration with the Research and Development (R&D), OT Watch team and Quality Engineering.
#LI-JF1 #LI-REMOTE
Responsibilities
- Plan and lead the execution of large, ongoing ICS Threat Detection initiatives that focus on emerging Activity Groups or ICS-focused malware
- Proactively identify threat detection and asset identification tickets. Engage Detection Engineers to support your ideation, asset generation and configuration efforts.
- Lead the selection and prioritization of ICS-focused threat detections (atomic, component, composite, and events) and asset identifications.
- Lead the analysis of Dragos threat intelligence reports (and other sources) to create detection ideation tickets for threat behavior-based detections and asset identifications.
- Lead the analysis of ICS asset types that align with our primary industry verticals to support asset identifications.
- Support research and development of new detection techniques, improvements to the engineering workflow and enhancements to the Dragos Platform.
- Support the documented processes for authoring, validating, and testing detections/events to ensure they are released into the product within a Knowledge Pack (KP).
Requirements
- 7+ years in security operations, threat hunting, detection development, offensive operations, threat emulation, or security tool development
- Experience operationalizing Cyber Threat Intelligence to defend networks from emerging threats.
- Experience with analysis of network packet captures (PCAPs) using tools such as Wireshark and Network Miner.
- Experience with network packet analysis and manipulation using tools such as Tshark (and other Wireshark command line tools), ngrep, tcpdump, Zeek/Bro, and Scapy.
- Awareness of common operating system internals and the ability to identify analytic opportunities.
- Awareness of Windows Event Logging fundamentals, including reviewing logs in the Windows Event Viewer, enabling Windows Event Logging, adjusting event log size and retention settings, and enabling Advanced Audit Policies.
Compensation
- Salary: $165,000
- Salary + Benefits + Equity = $284,000
- Comprehensive benefits plan (medical, dental, vision, disability, life insurance, 401K with match)
- Equity at Dragos is quickly growing, and the total compensation under-represents the future growth and refresh program. This will be discussed on the first call with the Dragos recruiter.
Tags: ICS Industrial Malware R&D Threat detection Threat intelligence Windows
Perks/benefits: 401(k) matching Equity Health care Insurance Team events
Regions: Remote/Anywhere; North America
Country: United States
Category: Security Engineering Jobs