Detection and Response Engineer

Security Analyst

What success looks like in this role:

• Develop and Implement Custom Detections:
  • Design, develop, and maintain high-fidelity detection rules, signatures, and analytics for a diverse array of enterprise security tools, including Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR) platforms, and Intrusion Detection Systems (IDS). The objective is to identify both known and emerging threats effectively.
  • Translate complex threat intelligence, sophisticated attack methodologies (e.g., leveraging the MITRE ATT&CK Framework), and vulnerability insights into precise, actionable, and automated detection logic.
  • Continuously tune and optimize existing detection mechanisms to significantly reduce false positives, enhance alert fidelity, and ensure a high signal-to-noise ratio, thereby minimizing alert fatigue for security analysts.
• Perform Tier 3 Security Investigations and Proactive Threat Hunting:
  • Lead and conduct advanced, complex security investigations (Tier 3) escalated from lower tiers, encompassing root cause analysis, malware and indicator analysis, and recommending robust corrective measures to prevent future incidents.
  • Proactively conduct threat hunting activities across network, endpoint, and cloud environments to identify novel or hidden threats, subtle anomalies, and security gaps that may evade existing detection controls.
  • Collaborate closely with Incident Response (IR) teams to ensure effective communication, facilitate rapid response to detected threats, and integrate lessons learned into the development of new or refined detection capabilities.
• Manage and Optimize MSSP Tier 1 & Tier 2 Operations:
  • Serve as the primary technical liaison for Managed Security Service Provider (MSSP) partners, providing expert guidance and strategic oversight for their Tier 1 and Tier 2 security monitoring and operational activities.
  • Ensure MSSP adherence to organizational security policies, detection standards, and incident escalation procedures, thereby contributing to the overall security posture.
  • Collaborate with MSSP teams on detection rule deployment, tuning, and validation, leveraging continuous feedback loops to enhance overall detection efficacy and reduce alert fatigue experienced by their analysts.
  • Review MSSP-generated alerts and reports, providing constructive feedback and precise technical direction for continuous improvement in their detection and response capabilities.
• Security Automation and Tooling:
  • Develop and maintain automation scripts and tools (e.g., Python, PowerShell, Bash) to streamline security detection operations, facilitate efficient data parsing, integrate disparate security tools, and enhance response capabilities.
  • Build, design, run, and troubleshoot playbooks within a Security Orchestration, Automation, and Response (SOAR) solution to automate incident response processes and significantly improve operational efficiency.
• Documentation and Continuous Improvement:
  • Maintain comprehensive and up-to-date documentation of detection logic, configurations, incident response procedures, and investigation findings for robust knowledge sharing and auditing purposes.
  • Stay abreast of the latest security threats, vulnerabilities, attack vectors, industry trends, and emerging security technologies to proactively enhance detection measures and fortify digital boundaries.

Required Qualifications:

• Experience: 4-6 years of hands-on experience working in a Security Operations Center (SOC), Network Operations Center (NOC), Digital Forensics, or Incident Response role, demonstrating a foundational understanding of operational security challenges and the incident lifecycle.
• Technical Proficiency:
  • In-depth understanding and practical experience with Security Information and Event Management (SIEM) systems (e.g., Splunk, LogRhythm, Google SecOps, Elastic) for log analysis, sophisticated rule creation, and dashboard development.
  • Strong knowledge of Endpoint Detection and Response (EDR) and Intrusion Detection/Prevention Systems (IDS/IPS).
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation, data manipulation, and custom tool development.
  • Solid understanding of network security, protocols, and traffic analysis.
  • Familiarity with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK) to inform detection strategy and rule development.
• Analytical and Problem-Solving Skills:
  • Exceptional analytical skills to analyze large, complex datasets, identify subtle anomalies, patterns, and indicators of malicious activity.
  • Demonstrated ability to think critically, troubleshoot complex problems, and make sound decisions under pressure, particularly during incident investigations.
• Collaboration and Communication:
  • Strong verbal and written communication skills for reporting findings, documenting procedures, and collaborating effectively with cross-functional teams and external partners.

Preferred Qualifications:

• Experience working with Google Cloud Platform (GCP) security services, audit logs, and cloud-native detection tools.
• Hands-on experience with Kubernetes incident response and forensic analysis.
• Familiarity with Detection-as-Code principles, version control (e.g., Git/GitHub), and CI/CD pipelines for detection rule management.
• Relevant security certifications (e.g., SANS, Offensive Security, cloud security certifications).