Key skills
CloudLinuxMacOSPythonTCP/IPGoRIAMSaaSAgile
About this role
Role Overview
- Architect, maintain and iteratively improve Expel's ability to detect and investigate threats using integrated technologies with limited direction.
- Continuously improve Expel’s detection strategy and capability through creation of detections for Expel’s proprietary rule engine.
- Maintain documentation in support of Expel’s detection and response content.
- Improve SOC analyst efficiency by automating investigative workflows using an orchestration framework written in Python.
- Collaborate with engineering on Expel’s integrations and engineering standards associated with each class of integration.
- Evaluate technology APIs to design detection and response solutions to drive value and efficiency in Expel’s Workbench platform.
- Contribute to and thrive in a culture of experimentation, agile, quality and continuous improvement among the team.
- Take a leading role in the team’s research and monitoring of the latest threat landscape and subsequent detection and response automation development.
- Communicate effectively with stakeholders on support requests surfaced to the D&R engineering team.
- Mentor less experienced team members and SOC analysts.
- Bridge the Engineering to effectively identify new platform features and tools to better enable the growth of our detection and response capabilities.
Requirements
- 3+ years of experience with detection and response tools, particularly EDR, NSM, and SIEM.
- 3+ years of experience writing, deploying and tuning custom detections based on research or investigative work against common data sets (Windows Event Logs, auditd, CloudTrail, and similar datasets.)
- Proficiency of Python, Go or other object oriented programming languages
- Strong understanding of Windows, macOS and Linux operating systems and command line tools.
- Knowledge of networking basics, such as TCP/IP and OSI model.
- Expert knowledge and observations of attack vectors, threat tactics, and attacker techniques.
- Intermediate knowledge of cloud infrastructure platforms and their Identity and Access Management (IAM) models.
- Cursory understanding of common Software-as-a-Service (SaaS) applications and available security signal
- Bachelor’s degree in Computer Science or Information Security strongly preferred.
- 5+ years of professional experience in information technology or security operations would be ideal but not required.
Tech Stack
- Cloud
- Linux
- MacOS
- Python
- TCP/IP
- Go
Benefits
- Unlimited PTO (which we model and encourage)
- Work location flexibility
- Up to 24 weeks of parental leave
- Excellent health benefits