Threat Detection Engineer
TENEX.AI · Overland Park, KS · 3 wk ago
HybridEngineeringFull-time
Responsibilities
- Design, develop, implement, and maintain custom detection rules, correlation searches, and alerts within Google Security Operations (SecOps) to identify malicious activity, security incidents, and policy violations.
- Utilize your expertise in the SecOps detection engine and YARA-L syntax to create efficient and effective detection logic.
- Analyze large datasets of security logs and events from various sources (e.g., cloud platforms, endpoint detection and response (EDR), network devices, applications) to identify patterns and anomalies indicative of threats.
- Stay up-to-date with the latest threat intelligence, attack techniques, and security trends to proactively develop new detection strategies.
- Collaborate closely with Security Analysts to tune detections logic based on incident analysis and threat landscape changes.
- Contribute to the development and maintenance of security documentation, including YARA-L rules, response strategies, playbooks, and operational procedures.
- Participate in the evaluation and integration of new security tools and technologies.
- Automate detection creation, threat intelligence gathering, and rule deployment.
- Provide mentorship, training, and guidance to junior team members.
Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent practical experience).
- Minimum of 5 years of experience in a security operations role, with a strong focus on threat detection and analysis.
- Proven experience developing and implementing YARA-L rules within Google Security Operations (SecOps) is essential.
- Experience with threat intelligence and its integration into detection strategies.
- Deep understanding of security principles, common attack vectors, and threat actor tactics, techniques, and procedures (TTPs).
- Strong analytical and problem-solving skills with the ability to analyze complex security logs and identify meaningful patterns.
- Proficiency in scripting languages such as Python or similar for automation and analysis.
- Experience working with various security technologies and data sources, including but not limited to: Cloud security platforms (e.g., GCP, AWS, Azure), Endpoint Detection and Response (EDR) solutions, Security Information and Event Management (SIEM) systems, Network security devices (firewalls, intrusion detection/prevention systems), Identity and Access Management (IAM) systems.
- The ability to effectively communicate technical information to both technical and non-technical audiences.
- Ability to work independently and as part of a team in a fast-paced environment.
Preferred Qualifications
- Relevant security certifications such as Security+, CySA+, GCIH, GCIA, or similar.
- Familiarity with MITRE ATT&CK framework and its application in developing detection rules.
- Experience with SOAR (Security Orchestration, Automation and Response) platforms.
- Knowledge of data science and machine learning concepts as applied to security analytics.