Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Job:
Cyderes is looking for a dedicated, creative, and experienced Senior Detection Engineer to join our managed services Engineering team. We are looking for someone who can apply their SIEM analysis, rule building, administration and scripting experience to support and maintain detection content for customer SIEMs. This position will work with teams internally and clients externally to develop threat-informed detection rules, assist in requirements gathering for iterative rule deployment improvements, provide support, represent detection capabilities for SIEMs to internal teams and clients, improve and document team standard operating procedures, use data to generate actionable insights for team and leadership, and perform ongoing enhancements. Candidate should be able to handle high priority demands while driving consistent results and have a passion for delivering valuable data insights to clients. Candidate should also bring the right attitude to the team including accountability, ownership, and positivity. We embrace a fast-paced work environment and are looking for like-minded individuals that have a passion for continual improvement, new ideas, tinkering with new projects, and creating solutions to complex problems.
Responsibilities:
- Design and work with partners to collect detection data and assist in generating meaningful insights
- Provide production support for multiple SIEM technologies (Splunk, Chronicle, Sentinel, QRadar, LogRythm, etc)
- Assist in the creation of business requirements for iteratively improving detection engineering workflows, processes and procedures
- Analyze data on detection rule performance to provide feedback and identify tuning opportunities
- Attend client calls when required to discuss detection rule requirements and capabilities
- Provide production support and solve complex business-vertical specific issues
- Advocate for efficient and appropriate detection rules for our clients
- Involved in all agile meetings providing feedback to team and project managers
- Assist junior engineers in overcoming obstacles, defining and accomplishing goals, and mentorship
- Assist in the onboarding of new team members
- Work cross-functionally with other members and teams within the entire Cyderes organization on a professional level
Requirements:
- Prior experience in one or more SIEM (Splunk, Chronicle, Sentinel, QRadar, LogRythm, etc) platforms’ administration including developing and implementing detection rules and or saved searches
- Prior experience in security operations (analyzing/triaging alerts, etc)
- Prior experience and proficiency using ITSM tools (Jira, ServiceNow, etc)
- Prior experience interacting with APIs (Postman, Insomnia, curl, etc)
- Prior experience in open-source intelligence gathering (IOCs, Threat Actors, etc)
- High Proficiency in detection rule languages (YaraL, KQL, SPL, AQL, etc)
- Strong proficiency interacting with or administering common security technologies (SIEM, EDR, Phishing, IDS/IPS, Firewall, etc)
- Strong proficiency analyzing data in common log formats (JSON, YAML, XML, CEF, CSV, etc.)
- Strong proficiency in data/log analysis and the relationships between data sets
- Proficiency in SQL (joins, aggregation functions, concatenation, case statements, etc)
- Proficiency with pattern matching (regular expressions)
- Proficiency in extracting, transforming, and loading data
- Proficiency in using DBMS platforms (Spanner, BigQuery, MySQL)
- Proficiency in understanding security threats (Insider, APT, Malware, Emerging Threats, etc)
- Proficiency scripting/automation using Python or other scripting languages
- Strong written and oral communication skills, must be able to explain data and how detection rules use that data to an audience with a variety of technical skills
- Splunk or other SIEM certification is a plus
- Understands the basics of CI/CD (Github, Github actions)
- Knowledge of GCP environments is a plus
Cyderes i
s an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.