Dragos, Inc. is on a mission to defend industrial organizations with best-in-class technology and services. They are seeking a highly skilled Analytics Engineer to enhance the security of operational technology environments by identifying and classifying OT assets and supporting the development of vulnerability mappings and threat detection capabilities.
Responsibilities:
- Participate in efforts for discovering and cataloging OT assets using advanced detection methodologies
- Work in tandem with reverse engineers to decipher proprietary protocols and uncover asset attributes using vendor documentation and protocol specifications
- Partner with developers to integrate findings into Dragos’s threat detection and response platform
- Contribute to the creation of detection logic and rules for real-time threat monitoring of atomic operations
- Troubleshoot and fix both internal engine configurations and the Python analytics used for asset identification and atomic operations
- Develop and document team CI/CD and testing standards, authoring unit, integration, and end-to-end tests to verify that characterizations and detections are working as expected
- Collect PCAPs using OSINT, generate PCAPs on a test range, or craft PCAPs with software tooling, for use in both detection development and regression testing
Requirements:
- 4 years in a production software development environment, with 2 years of experience in Python development
- 6+ years in cyber security related field; operations, threat hunting, detection development, offensive operations, threat emulation, security research, or security tool development
- Experience analyzing network packet captures (PCAPs) and traffic using tools such as Wireshark and NetworkMiner
- High level of experience using Suricata, Wireshark/tshark for network packet capture (PCAP) analysis, and SIEM tools
- Familiarity with containerized solutions for debugging
- A solid understanding of both Linux and Windows command-line tools for debugging
- A strong ability to conduct open-source research
- Experienced with git (or other software version control solutions)
- ICS/OT knowledge and experience
- Experience developing in Rust or applying AI/ML techniques in production environments
- Familiarity with building data pipelines using Python and cloud platforms (AWS, GCP, or Azure), along with SQL, data normalization, and data warehousing experience
- Exposure to OT technologies, such as PLC programming or HMI configuration
- Knowledge of tools like Zeek or YARA for threat detection or network analysis
- Experience with the ELK stack (Elasticsearch, Logstash, Kibana) for log and event analysis
- Experience incorporating AI tools, models, or services into development workflows