Principal Detection Engineer

Remote - USA

Full Time Senior-level / Expert USD 165K - 284K
Dragos, Inc. logo

Dragos, Inc.

Dragos exists to safeguard civilization. Our industrial cybersecurity platform, services & intelligence help you secure industrial networks (ICS/IIoT).

View all employer listings

Apply now Apply later

Backed by the industry’s largest and most experienced team of industrial control systems (ICS) cybersecurity practitioners, Dragos Cyber Threat Intelligence provides in-depth visibility of threats targeting industrial environments globally and the tried-and-true defensive recommendations to combat them. As the Dragos Cyber Threat Intelligence team identifies emerging threats to ICS environments, it is the responsibility of the Intel Detection team to study the threat behaviors and create atomic, component and composite detections for our software technology: The Dragos Platform. We are seeking a Principal Detection Engineer to join our team. This role supports the creation of ICS-focused threat behavior-based detections which are performant and provide coverage for a wide range of ICS technologies through our collaboration with the Research and Development (R&D), OT Watch team and Quality Engineering.


  • Plan and lead the execution of large, ongoing ICS Threat Detection initiatives that focus on emerging Activity Groups or ICS-focused malware
  • Proactively identify threat detection and asset identification tickets. Engage Detection Engineers o support your ideation, asset generation and configuration efforts.
  • Lead the selection and prioritization of ICS-focused threat detections (atomic, component, composite, and events) and asset identifications.
  • Lead the analysis of Dragos threat intelligence reports (and other sources) to create detection ideation tickets for threat behavior-based detections and asset identifications.
  • Lead the analysis of ICS asset types that align with our primary industry verticals to support asset identifications.
  • Supporting research and development of new detection techniques, improvements to the engineering workflow and enhancements to the Dragos Platform.
  • Support the documented processes for authoring, validating, and testing detections/events to ensure they are released into the product within a Knowledge Pack (KP).


  • 7+ years in security operations, threat hunting, detection development, offensive operations, threat emulation, or security tool development
  • Experience operationalizing Cyber Threat Intelligence to defend networks from emerging threats.
  • Experience with analysis of network packet captures (PCAPs) using tools such as Wireshark and Network Miner.
  • Experience with network packet analysis and manipulation using tools such as Tshark (and other Wireshark command line tools), ngrep, tcpdump, Zeek/Bro, and Scapy.
  • Awareness of common operating system internals and the ability to identify analytic opportunities.
  • Awareness of Windows Event Logging fundamentals which would include reviewing logs in the Windows Event Viewer, enabling of Windows Event Logging, Adjusting Event Log Size and Retention Settings and enabling Advanced Audit Policies.


  • Salary: $165,000
  • Salary + Benefits + Equity = $284,000
  • Comprehensive benefits plan (medical, dental, vision, disability, life insurance, 401K with match)
  • Equity at Dragos is quickly growing, and the total compensation under-represents the future growth and refresh program. This will be discussed on the first call with the Dragos recruiter.
Dragos is the Industrial Cybersecurity expert on a relentless mission to safeguard civilization. In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – those that provide us with the tenets of modern civilization – from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing our in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders worldwide with the knowledge and tools to protect their systems as effectively and efficiently as possible. Founded by world-class industrial intelligence experts, Dragos has the industry’s largest team of ICS/OT practitioners who have been on the front lines of the world’s most significant industrial cyber-attacks.   Diversity, Equity, and Inclusion are core values at Dragos, and we are passionate about building and sustaining an inclusive and equitable working environment for all. Every team member enriches our diversity by exposing us to various ways to understand and engage with the world, identify challenges, and discover, design, and deliver solutions. Not only does a Diversity, Equity, and Inclusion focus enrich our environment and teams, but it is also critical to our success as we defend against adversaries worldwide. The broad range of ideas, experiences, and perspectives is critical to our success.   Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment. 

Tags: ICS Industrial Malware R&D Threat detection Threat intelligence Windows

Perks/benefits: 401(k) matching Equity Health care Insurance Team events

Regions: Remote/Anywhere North America
Country: United States
Job stats:  28  1  0
  • Share this job via
  • or

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.