Group Manager, Threat Detection Engineering and Operations

🌍 Remote, USA 💹 Full-time 🕐 Posted Recently

Job Description

About the position

Responsibilities
  • Define detection engineering strategy, roadmap, and objectives
  • Build and mature detection engineering processes and standard patterns
  • Build new detection capabilities based on research of new attack techniques
  • Evaluate, validate, tune, and sunset necessary detection capabilities
  • Identify and close gaps in detection coverage
  • Build runbooks and playbooks for SOC analysts to operationalize new detections
  • Work with system owners, SIEM team, and Detection Operations to onboard and operationalize new data sources
  • Define and manage coverage and efficacy metrics, reporting them on a regular cadence to leadership
  • Lead root cause analysis for detection quality issues and direct next steps to address and prevent recurrence
  • Participate in Cyber Incident Response Team (CIRT) rotation that may involve non-traditional working hours
Requirements
  • BA/BS degree or higher in Computer Science, Cybersecurity or equivalent work experience
  • 5+ years' industry experience in Incident Response or Security Operations activities
  • 3+ years leadership experience in a SOC or similar role
  • Proven track record of building scalable organizations that have world class threat detection capabilities
  • Technical proficiency performing security investigations at scale, including endpoint, cloud, identity, network, and email threats
  • Practical experience with Detection & Response tools for network, endpoints, cloud, and identity as well as SOAR platforms
  • Hands-on experience with SIEM and Data Lake solutions (e.g., Splunk, Snowflake, S3)
  • Expertise with query languages (SQL, SPL, BigQuery)
  • Strong fundamentals of Linux, macOS, and Windows operating system internals
  • Deep understanding of attacker techniques, tools and procedures
  • Understanding of cloud environments such as AWS, GCP, and/or Azure
  • Proficiency creating and managing operational metrics that increase team efficiency and quality
  • Experience with coding languages to build/automate (e.g., Python, Go)
  • Experience working with security frameworks like MITRE ATT&CK or Lockheed Martin's Cyber Kill Chain; ability to track and discuss an attack through the Cyber Kill Chain
  • Ability to manage effective relationships with organizational leaders, build a roadmap, and drive broad initiatives to completion
  • Understanding of Machine Learning concepts as related to predictive analytics
  • Experience with forensic data capture, analysis, and preservation
  • Comprehensive understanding of the detection engineering field
Nice-to-haves
  • Admin or Architect level knowledge of a SIEM (Splunk, Azure Sentinel, QRadar, etc.)
  • In-depth knowledge of security standard processes in large-scale environments
  • Ability to navigate hard conversations and disseminate information to team members
  • Willingness and ability to accept responsibility and provide guidance to team members
  • Effective organizational and planning skills, with the ability to successfully guide projects through to completion
  • Experience with software development or security automation highly preferred
  • CISSP or CISM certification preferred
  • Hands-on experience with AWS Cloud (AWS Solutions Architect level of knowledge)
Benefits
  • Competitive compensation package
  • Cash bonus eligibility
  • Equity rewards
  • Comprehensive benefits package
  • Regular pay equity comparisons across categories of ethnicity and gender
