HubSpot is an AI-powered customer platform that focuses on helping businesses grow by connecting marketing, sales, and service. In the Principal Detection Engineer role, you will be responsible for the lifecycle of threat detection, building use cases, and writing detection logic to detect malicious activity, while collaborating with engineering and incident response teams to improve alert reliability and security.
Responsibilities:
- Build a threat detection engineering program (full lifecycle)
- Build attack simulation scenarios, detection use cases & test their effectiveness
- Leverage an automation first mindset to work smarter / more efficiently
- Help respond when needed to critical security incidents
- Consult stakeholders on security-related subjects ranging from general OpSec to infrastructure architecture, etc.
Requirements:
- Experience building / maturing a detection engineering program
- Hands-on security operations experience working within a modern zero trust oriented cloud / SaaS-heavy environment
- Strong understanding of incident response best practices with practical experience responding to moderate to complex security incidents
- Experience identifying / building new detection use cases
- Ability to collect / analyze large sets of structured / unstructured data from disparate sources
- Solid experience using SIEM tools (Splunk) for security investigations
- Experience using various security tools (EDR, SASE, IDP, etc.) to assist with an investigation
- Strong networking and systems knowledge with a good understanding of macOS, Windows and Linux
- Experience working collaboratively to define and implement security policies, procedures, and controls
- Experience providing internal security consultancy / advice to other teams within the company
- Experience using code (Python / PowerShell) to solve problems, facilitate easier data analysis, and automate security tasks
- Acutely aware of industry security trends, advisories, news, and general research
- Deep knowledge of macOS, Windows and Linux and practical experience securing such systems
- Experience in detection engineering processes / behaviors
- Experience monitoring / securing AWS, GCP, or Azure cloud environments
- Experience with SOAR platforms
- Experience using automation tools / frameworks / applications
- Planning, coordinating, and / or executing security assessments of networks, systems, applications, and cloud platforms