Zscaler is a pioneer and global leader in zero trust security, seeking a Senior Detection Engineer to join their Detection Engineering team. This role involves analyzing EDR telemetry and log sources, researching coverage opportunities, and building new detectors to protect customers from emerging threats.
Responsibilities:
- Use Red Canary’s detection platform to analyze EDR telemetry, alerts, and log sources across Endpoint, Identity, SIEM, and Cloud domains
- Research coverage opportunities to create new detectors and tune existing ones for maximum efficacy
- Publish threat analysis for customers, using concise writing to effectively convey key indicators
- Improve the Detection Engineering workflow through orchestration and automation to manage high-volume telemetry
- Provide mentorship to peers and lead projects that improve the quality of life for both the customer and the CIRT
Requirements:
- Strong experience in Endpoint (MDR) and one or more functional areas including Cloud/SaaS, Identity, Email, or SIEM
- Proven experience with automation and orchestration to effectively handle an extreme volume of telemetry and logs in a timely manner
- Proficiency with query languages such as SQL, K, or Lucene, and an understanding of their syntax across EDR or other security platforms
- Experience creating and tuning detectors or rules using commonly known tools such as YARA, SIGMA, Snort, Splunk, or Elastic
- Ability to work the required shift from Sunday - Wednesday, 5pm MST - 3am MST
- Active impact on the Infosec community through writing blogs, participating in webinars, or presenting at conferences
- Experience using version control software such as GitHub or CircleCI for the deployment of detectors and automations
- Previous professional experience in a Red Team capacity