Develop and document new Detection Capabilities for customer environments
Work with customers to develop a comprehensive strategy for effective detections
Evaluate current monitoring and detection capabilities to identify areas for improvement
Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding

Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
Experience working and querying SIEM tools or other log-based data preferably Splunk
Experience in engineering event detection & response tuning
Ability to engineer creative, scalable, and out-of-the-box solutions
Up to date with engineering best practices, security technology trends, tools, and frameworks
Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
Able to both investigate and create security rules in at least 1 SIEM
Understanding of general enterprise network architecture and security incident response
Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
Ability to communicate and document technical information effectively towards various audience

Medical, dental, vision, and disability insurance
Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
Unique professional development benefits with Annual “development dollars” to support our people growth and development
Wellness contests and monthly educational programs
401(K) retirement program

Detection Engineer

Key skills