Principal Engineer - Threat Detection

We are seeking a dynamic, experienced Principal Engineer with strong operational and analytical experience in Threat Intel and Detection Engineering to join our talented and dedicated Cyber Security team.

Basic Qualifications and

As a Principal Engineer on our Cyber Security team, you will report directly to the CISO and will be challenged to provide new and innovative solutions using cutting-edge technologies in a highly creative and technical environment. This position is an opportunity to drive a security program and team to new levels through active innovation, ideas, creativity, and collaboration.

  • You will be directly responsible for establishing the vision and direction, as well as the day-to-day successful execution, of four (4) primary functional areas: Detection Engineering, Detection Planning, Detection Development & Release Management, and Detection Operations.
  • Own security solutions throughout their lifecycle (design, development, deployment) in order to continuously improve the ability to detect and respond to advanced, targeted threats.
  • Provide engineering leadership to your team, partner teams, and management, ensuring a cohesive approach to security engineering efforts.
  • Lead proactive threat hunting activities to identify malicious activity.
  • Research and track emerging threats to ensure partner teams understand relevant attacker tactics, techniques, and procedures.
  • Draw from your industry expertise in understanding how an attacker would behave and translate it into custom security detection content.
  • Identify and prioritize new data sources and their applicability to the detection of advanced adversaries.
  • Collaborate across teams for training, development opportunities, and service improvement.
  • Ensure that all documents, workflows, and processes remain accurate and up-to-date.

Required Skills and Experience
  • Bachelor’s degree in computer science, information security or equivalent practical work experience.
  • 10+ years of information security experience working as a SOC analyst, security content developer, and/or security engineer.
  • One or more security certifications (e.g. SANS, Offensive Security, ISC2, CompTIA, etc.).
  • Proficiency in a common programming language (e.g. Python, Go, RoR, PHP, Java, etc.) and working with databases (engineering and administration), cloud technologies, web services, and APIs.
  • Experienced in full stack application development, web design, data visualization, scrum and Agile development.
  • Technical point of contact and company-wide expert for high visibility projects, responding to product manager, sales, and non-technical colleague requests for information and additional functionality, as well as participating in software development and systems integration.
  • Significant experience delivering systems and processes providing meaningful and actionable information to customers and users from very large datasets.
  • Ability to understand systems quickly and translate understanding into logic to detect anomalies within the system.
  • Ability to lead people to think critically by guiding them without doing the work for them.
  • Demonstrates a strong passion for learning and a desire to enable the growth of others.
  • Demonstrated ability to speak with people with varying knowledge of IT security concepts and to tailor your message to the audience.
  • Deep understanding of Incident Response frameworks and root cause analysis, with the ability to prioritize actions and take charge when needed.
  • Capability to look at a process to identify opportunities for cycle-time reduction.
  • Ability and desire to think outside of the box for creative solutions to problems with the accountability and personal drive to follow-through.
  • Excellent interpersonal skills and ability to see things through the customer’s eyes yet still able to speak authoritatively and confidently while balancing respect and tact.
  • Experience working with geographically dispersed teams and customers.
  • Understanding of how endpoint operating systems, applications, event logs from various sources, and network traffic protocols work, in enough detail to engineer data acquisition and monitoring solutions for them.
  • Understanding of network, operating system, and application deployment architectures found in most enterprise environments and the ability to determine the best possible approach to instrumentation and Detection Mechanism development given macro and micro level goals.
  • Proficient to expert level working knowledge of Network Intrusion Detection systems and developing capabilities in their respective platforms.
  • The ability to design and implement Continuous Integration development programs for detection content.
  • Working closely with teams responsible for security event analysis and Incident Response/Handling developing solutions that facilitate supervised feedback loops.
