Conduct threat detection, incident handling and hunting activities by leveraging security best practices and current detection/response platforms.
Proactively threat hunt and identify misconfigurations within a SIEM solution. Additionally, be able to provide strategic recommendations and assist in guiding the customer to resolution.
Develop use cases and create threat detection logic, rules, and alerting in SIEM for response by the Security Operations team.
Contribute to the management of playbooks in our SOAR solution.
Identify gaps in log collection, signatures, and indicators of compromise (IOC) visibility, then work with the customer success team and engineering to improve detection capabilities.
Identify advanced malicious activity that has evaded traditional security monitoring capability.
Assist customers with requests to help integrate the SIEM into their environment and workflows.
Requirements
Bachelor’s degree in Computer Science, Information Security, or related field
3+ years’ experience with SIEM, EDR, XDR, SOAR, and NDR
Experience in security operations, threat detection, incident response, or security engineering. Prior consulting or advisory experience preferred.
Strong knowledge of endpoint detection, alerting, and content tuning
Solid understanding of networks, protocols, and security tools (IPS, IDS, HIPS, firewalls)
Hands-on SOC experience as an analyst or security engineer
Experience writing SIEM rules/queries and analyzing malicious network traffic
Ability to gather threat intelligence and identify IoCs across host and network
Familiarity with common log sources (EDR, syslog, Windows Event Logs, DNS, firewall, Office 365, etc.)