Duties: | As a Detection Engineer atclient, your primary focus will be on implementing, configuring, and maintaining security detection rules and mechanisms within our on-premise and Google Cloud environments. Your expertise will contribute to our mission of safeguarding our assets and ensuring the highest level of security for our cloud infrastructure. This role requires in-depth knowledge of detection engineering, incident response, investigations, and emerging threat trends. |
Skills: | - MITRE ATT&CK Framework: Utilize the MITRE ATT&CK Framework for threat detection creation, gap assessment and analysis.
- Security Detection Implementation: Implement, configure, and maintain security detection rules and mechanisms, including intrusion detection, anomaly detection, and log analysis tools, to identify and respond to security incidents.
- Security Operations: Play a critical role in the day-to-day security operations, including monitoring, tuning, analysis, and proactive threat hunting.
- Incident Response: Lead incident response efforts, investigate security incidents, conduct root cause analysis, and implement corrective measures.
- Kubernetes Incident Response: Apply expertise in Kubernetes for incident response and forensic analysis.
- Security Automation: Develop and maintain automation scripts and tools to streamline security detection operations and response.
- Documentation: Maintain comprehensive documentation of security detection configurations, incident response procedures, and investigations.
- Stay Current: Stay up-to-date with the latest security threats, vulnerabilities, and industry trends to proactively enhance security detection measures.
|
Education: | - Bachelor's degree or a related field experience
- Google Cloud Professional Cloud Security Engineer certification or equivalent experience.
- Experience with cloud security detection tools and technologies, including intrusion detection, anomaly detection, and log analysis.
- Proficiency in scripting and automation (e.g., Python, Bash).
- Experience in incident response, investigations, and security operations.
- Proficiency in Kubernetes with a focus on incident response and forensic analysis.
- Familiarity with the MITRE ATT&CK Framework for threat detection and mitigation.
- Experience working with Splunk Enterprise Security or similar SIEM solutions.
- Experience working with threat emulation solutions like Atomic Red Team, PurpleSharp, Safebreach ,etc..
- Experience with CI/CD pipelines and Test Driven Development using Python
- Excellent problem-solving and analytical skills.
- Strong communication and teamwork skills.
Relevant certifications such as CISSP, GCIH, GCIA, Certified Kubernetes Administrator (CKA), or Splunk certifications are a plus. |