Head of Threat Detection Engineering - 100% US Remote

Company Description

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been name in the 100 “World’s Most Innovative Companies” by Forbes Magazine.

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been name in the 100 “World’s Most Innovative Companies” by Forbes Magazine.

Job Description

Global Security Operations Center’s mission is to protect the confidentiality, integrity, and availability of all Experian assets by executing and maintaining the incident response framework. The GSOC proactively and iteratively identify new attacks or attacks underway and then coordinate containment and remediation to minimize the impact as quickly as possible. The GSOC recognizes the importance of effective and efficient content to generate high fidelity alerts and investigations. The Head of Threat Detection Engineering will be responsible for curating, prioritizing, and driving closure on all the GSOC content development tasks and use case requests based on the mission requirements and future initiatives.

Responsibilities:

• Develop, mature, and lead a high performing team of skilled cyber threat content engineers that can drive world class results.
• Support operational leadership tasking as it relates to content development functions and responsibilities.
• Manage and maintain operational content for global threat detection and liaison as the primary point of contact for the GSOC with security engineering and external stakeholders.
• Perform activities within the use case life cycle and MITRE ATT&CK Framework prioritized by cyber threat intelligence, network knowledge, and situational awareness.
• Drive MITRE ATT&CK roadmap and threat-informed use cases across all security tooling, highlighting required log sources for operationalizing rules.
• Create and prioritize cyber threat models that will effectively demonstrate the necessary enterprise and defensive gaps.
• Stay on top of ongoing cyber threats and embed intelligence-driven incident response by producing emerging content derived from threat actor IOCs and TTPs.
• Develop use cases through research and understanding of threats within the industry, providing a refinement of rules and logic within SIEM/UEBA/EDR platforms.
• Support production of effective situational awareness products with relevant metrics and visualizations for leadership and documentation purposes.
• Serve as the subject matter expert (SME) in the areas of cyber risk, security architecture, and threat content development.
• Effectively collaborate with colleagues and the other security functions and product SMEs internally and externally to identify gaps within the existing analytical capabilities.
• Acting as the liaison to fulfill audit, regulatory compliance as well as corporate security policy requirements.

Qualifications

Required Experience: Cyber fusion center and SIEM management experience, along with 5 years’ experience in the following areas:

Demonstrates expert technical skills that are needed to defend the enterprise environment, such as:

• Working knowledge of SIEM technologies and an understanding of their underlying content and alerting logic.
• In-depth packet analysis skills, core forensic familiarity, strong incident handling/incident response/security analytics skills, public cloud security practices, and data fusion skills based on multiple security data sources.
• Ability to perform cyber threat hunts through the identification of patterns and anomalies within the data.
• Extensive knowledge of threat intelligence and the use of threat modeling to create and carry out hypothesis-based threat hunting plans.
• Defensive network infrastructure (operations or engineering) knowledge used to apply security controls and measure the overall impact of various technologies and systems.
• Malware analysis concepts, techniques, and reverse engineering.
• In-depth knowledge of network, endpoint, and cloud security technologies and products (such as firewalls, network IDS, scanners) and continuously improve these skills.
• Deep understanding of security monitoring technologies, such as WAF, Web Proxies, UEBA, DLP, among others.
• Extensive knowledge of MITRE ATT&CK framework and its uses.

Demonstrates behavioral skills, such as:

• Demonstrated ability to work in a team environment, able to train and coach other team members.
• Excellent verbal and written communications skills and ability to produce and present clear and thorough security incident reports and briefings.
• Strong logical thinking abilities, especially with content logic.
• Excellent analytical and problem-solving abilities.
• Excellent organizational and attention to details in tracking activities within various Security Operation workflows.
• Well established client-focused communication skills that requires to read, review, investigate, and summarize reports on complex issues, in a manner that can be understood by non-technical readers.
• Ability to lead content discussion around incident investigation efforts and effectively coordinate communications.

Desired Experience:

• 5+ years of information security related experience or equivalent combination of education/training and technical experience, in areas such as: security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration as it directly relates to cybersecurity.
• Relevant technical and industry certifications are a plus, e.g., CompTIA, GIAC certifications, CISSP, CISM, OSCP, SIEM vendor-specific certifications.
• A bachelor’s degree is not required, but a degree program with an emphasis on the technical aspects of cybersecurity is very beneficial.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and and it reflects what we believe.  See our DEI work in action!

Please contact us at JobPostingInquiry@experian.com to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here