Threat Detection Engineer
Austin, TX or Remote
WHAT IS BOX? Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal. By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud. WHY BOX NEEDS YOU Every business in the world is looking to modernize the way that they work. As the leader in cloud content management, Box is the only company positioned to help enterprises transform how people work together. Come help us continue to develop a forward-leaning security posture and an incredible team dedicated to detecting and responding to threats, keeping both Box and our customers safe. WHAT YOU'LL DO
- Build, test and deploy detection analytics based on research of novel attack techniques and real world threats to Box.
- Work closely with our Incident Response Team to improve the fidelity, context and automation of new and existing alerting.
- Identify and assist service owners with logging configuration to eliminate gaps in logging visibility.
- Work closely with our Offensive Security Team to identify and develop solutions for gaps in detection coverage.
- A Bachelors degree in computer science, cybersecurity, mathematics, data science or related fields, or equivalent work experience.
- 2 years of experience in a security operations role.
- You are comfortable (and enjoy!) searching through TB's of data in a SIEM to find interesting patterns (i.e. Splunk, ELK, etc.).
- You are familiar with Splunk Processing Language (SPL) or SQL and want to become a power user.
- You have worked as an incident responder or have partnered closely with an incident response team.
- You are comfortable writing small scripts in python or similar scripting languages.
- You have an understanding of how attackers leverage commonly used Mitre Att&ck techniques and common ways to detect them.
- Visit this webpage to check out all of our exciting benefits: https://join.collectivehealth.com/box
Job tags: Analytics Automation Incident response Offensive Security Python SIEM Splunk Threat detection
Job region(s): North America Remote/Anywhere