Threat Detection Engineering Intern

Carlsbad, California, United States - Remote

Applications have closed

Proficio

Proficio MDR expands the scope of a typical MSSP to provide organizations deeper cybersecurity threat detections to stay protected.


Proficio is an award-winning managed detection and response (MDR) services provider. We provide 24/7 security monitoring, investigation, alerting and response services to organizations in healthcare, financial services, manufacturing, retail and other industries. Take a video tour of our global network of 24/7 Security Operations Centers (SOCs).

Proficio has been highlighted in Gartner’s Market Guide for Managed Detection and Response Services for the last five consecutive years. MSSP Alert ranks Proficio among the top 250 global Managed Security Services Providers (MSSPs).

We have a track record of innovation. Proficio invented the concept of SOC-as-a-Service. We were the first MSSP to provide automated response services and are the only company in our space with a patent for cyber risk scoring and security posture gap analysis.

Our typical client is a medium to large-sized organization that lacks the in-house resources to address the challenges of a rapidly changing threat landscape. The difficulty of hiring and retaining cybersecurity professionals is widely understood. Our prospective clients are also challenged to effectively harness technology and build hardened processes that reduce the risk of security breaches.

While Proficio has developed a unified service delivery platform designed to meet the needs of the most demanding clients, what sets us apart is the quality and passion of our people. We believe the SOC of the Future will meld the creativity of human intelligence with the power of advanced technologies like AI.

Proficio’s commitment to developing and promoting our team members is unparalleled in our industry. Most of our senior managers were promoted from within.

Job Summary

The Threat Detection Engineering Intern will support the team by performing tasks to ensure the proper and timely onboarding of new customers in the SIEM. With direction from other members of the team, this role will modify, customize, and apply use cases from our library, based on customer functionality and alerting requirements. The intern works on assigned tasks to ensure timely deployment of our services, automation of the alerting process, creation of reporting and dashboards, and coordination with other internal departments to ensure continuous customer satisfaction. The Threat Detection Engineering Intern is focused on whitelisting, tuning, onboarding, and development tasks that require quick turnaround time.

Responsibilities

  • Perform portions of the SIEM onboarding tasks for new customers, helping to ensure appropriate content and resources are deployed correctly.
  • Learn to configure alerts and functionalities in the SIEM to facilitate immediate processing of incoming logs.
  • Work closely with our Security Analyst team to provide real-time translation from alerting to use case adaptation. This work will include correcting templates, modifying rules, and collaborating with the full use case/content team on new use case creation.
  • Process use case development tickets from our customer request queue. This generally involves clarifying intent through internal resources to provide the most accurate response to our clients' needs.
  • Work closely with our Engineering, Analyst, and R&D teams to understand our complete service offering to identify and resolve problems for our customers and create a better platform for our service delivery team.
  • Participate and perform other tasks as may be required for this role.

Requirements

  • Education in cybersecurity including data ingestion and knowledge of SIGMA and MITRE framework
  • 1+ college course on Splunk SIEM (open source version) and/or project work in Elastic related to SIEM operations
  • Associate or bachelor’s degree in computer science or combination of relevant education and experience is preferred.
  • Must be willing and able to complete trainings/certifications (including SPLUNK, AWS, etc.) for self-improvement or as may be required for the role.
  • Basic understanding of the current threat landscape including knowledge of different threat actor profiles and attack methods.
  • Demonstrated knowledge of general networking principles including full knowledge of TCP/IP communication, the OSI model, common network ports, and basic network defense
  • Coursework on Unix or Linux system administration including command line
  • Fundamental understanding of the threats reported by various data sources such as IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
  • Scripting skills in Python, Bash, or PowerShell
  • Excellent communication and presentation skills within a team setting in a collaborative manner
  • Quick learner and intuitive thinker – the more you learn, the faster you’ll grow!
  • Effective documentation and time and task management skills
  • Confidence in independently delivering effective technical solutions
  • Excellent problem-solving skills and the ability to identify and apply appropriate technical resolutions.
  • Must protect client and company proprietary information and always maintain confidentiality.

Benefits

  • Opportunity to work in a progressive organization with structured training and roadmap for success
  • Lunches and fun employee activities!
  • Experience in one of the hottest IT industries today

Proficio is an EOE employer.

Tags: Automation AWS Bash Computer Science Firewalls IDS IPS Linux Monitoring Open Source PowerShell Python R&D Scripting SIEM SOC Splunk TCP/IP Threat detection UNIX

Perks/benefits: Flex vacation

Regions: Remote/Anywhere North America
Country: United States