Detection Engineer
US-Remote
The Basics:
The Detection Engineer is responsible for facilitating the development and continuous improvement of Tanium’s internal cybersecurity detection program. Candidates will work closely with operations, engineering, architects and business units throughout Tanium to collaborate on threat models and ensure adequate detection mechanisms are in place for a changing threat landscape. This role will be required to balance strategic thinking and tactical hands-on execution. Candidates will enhance existing methods to measure the coverage and quality of detection while also prioritizing and driving efforts to close gaps. As such, candidates will often create or enhance existing detections mechanisms while ensuring alerts are properly transitioned to the security operations team. Candidates are expected to question the status quo to identify opportunities for continuous improvement and are enabled to take action to ensure the effectiveness of a distributed security program operating within DevOps centric workflows.
What you'll do:
- Drive a comprehensive security detection strategy applied consistently across the organization
- Develop comprehensive reports and metrics on the efficacy and long-term tracking of detection coverage
- Drive continuous development and tuning of detection measures
- Partner with security teams and business units to define appropriate log visibility & detection related gaps
- Lead continuous improvement efforts to evaluate detection capabilities & related tooling efficiency
- Build innovative ways to detect potential threats within on premise and cloud environments
- Collaborate with operations personnel to prioritize and close detective gaps
- Work with security architects and engineers to develop detective compensating controls based on threat models
- Drive standardization and repeatable processes and procedures within operations as it pertains to responding to threats
- Participate in the development and execution of threat hunting exercises
- Develop, implement, document and maintain SIEM & Detection engineering tooling management controls, standard operating procedures, narratives and test scripts.
- Plan, run, and participate in table top exercises
- Collaborate with engineering teams to develop automation to improve the efficiency of security operations
We’re looking for someone with:
- Education
- Bachelor's Degree in Computer Science, IT or other relevant degree or equivalent work experience
- Experience
- In accordance with Department of Defense requirements, applicants for this role must be a U.S. citizen, national, or resident pursuant to 8 U.S.C. 1101(a)(20) and 8 U.S.C. 1324b(a)(3)
- 2+ years working in a Security Operations or equivalent role
- 2+ years responding to threats in AWS (GCP, Azure, OCI are nice to have)
- Working knowledge of common frameworks (e.g., Mitre ATT&CK, CIS, FedRAMP)
- Ability to use data to derive meaningful metrics to drive prioritization
- Firm understanding of attacker tactics, techniques, and procedures and means of detection
- Ability to synthesize risks and derive detection countermeasures
- Experience with server, workstation, and containerization platforms
- Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)
- Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines, etc.)
- Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products
- Experience analyzing cloud provider logs (e.g., CloudTrail) to identify and respond to security events
- Strong foundation in cloud-native investigative techniques and incident response methodologies
- Practiced with common cloud-based cybersecurity services (e.g. GuardDuty, Cloud Guard, Azure ATP)
- Detail oriented with ability to balance multiple project streams
About Tanium:
At Tanium, we offer a proven platform for endpoint visibility and control that transforms how the world's largest and most sophisticated organizations manage and secure their computing devices with unparalleled speed and agility. There’s a reason why more than half of the Fortune 100, top retailers and financial institutions, and four branches of the US Armed Forces rely on Tanium.
Our unstoppable spirit, drive to do the right thing and win as a team attitude has earned us the rank of 7th on the Forbes list of “Top 100 Private Companies in Cloud Computing” for 2019 and 10th on FORTUNE’s list of the “100 Best Medium Workplaces.”
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.
We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.
At Tanium, we take care of our employees and their communities with things like 5 days of Volunteer Time Off.
Tags: Automation AWS Azure C Cloud Computer Science DevOps EDR FedRAMP GCP IDS Incident response IPS Malware MITRE ATT&CK SIEM Strategy
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open CI/CD-related jobs