Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Be a member of the Cloud Detection and Response team to rapidly respond to new and emerging threats. The candidate will have expertise in analyzing cloud platform logs to detect security threats, unauthorized access, and suspicious activities within cloud environments. The candidate should have a deep understanding of cloud services and security configurations, and the ability to develop custom detection rules and alerts based on cloud platform logs. This role requires strong analytical skills, attention to detail, and the ability to work collaboratively in a dynamic and fast-paced environment to continuously enhance product detection capabilities!
Key Responsibilities:
- Analyze cloud platform logs (CloudTrail, Audit Logs, etc.) to identify patterns and anomalies indicative of security threats or unauthorized access.
- Develop, implement, and maintain detection rules based on cloud platform logs to identify specific activities and events within the cloud environment.
- Create and optimize alerts and notifications for security incidents identified through log analysis.
- Perform adversary emulation activities to identify detection gaps in the environment.
- Stay updated with cloud service changes and ensure detection mechanisms are adjusted accordingly.
- Tune detection rules to enhance threat detection capabilities according to threat intelligence reports.
- Apply knowledge of MITRE ATT&CK to map use cases across the initial points of exposure, alert mapping, and incident reporting.
- Collaborate with security teams to refine detection rules based on the latest threat intelligence. Work closely with teams to discover new detection capabilities.
- Integrate cloud platform log data with SIEM systems for centralized monitoring and correlation with other security events.
- Document detection rules, processes, and methodologies for cloud platform log analysis.
- Generate regular reports on security findings, incidents, and remediation activities for stakeholders and management.
Experience:
5+ years of experience in cybersecurity as a Threat Detection Analyst or a Threat Detection Engineer.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
- Relevant certifications such as AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer Associate, or Google Cloud Professional Cloud Security Engineer are a plus.
Technical Qualifications:
- Solid experience in analyzing cloud service providers' log formats such as AWS CloudTrail, Azure Audit Logs, and GCP Audit Logs.
- In-depth knowledge and experience with cloud-native security tools, security configurations, services, and best practices.
- Experience developing custom detection rules.
- Knowledge of threat intelligence sources and indicators of compromise (IOCs).
- Proficiency in programming/scripting languages such as Python, PowerShell, or similar languages for log analysis.
- Experience with SIEM systems and log integration.
- Understanding of DevOps and CI/CD pipelines in cloud environments.
Soft Skills:
- Excellent communication and collaboration skills.
- Ability to adapt to changing priorities and quickly come up with innovative solutions.
- 'Can-do' attitude and strong analytical and problem-solving skills.
- Self-driven, with the ability to take initiative and work with minimal supervision.
- Act as the go-to person for your area of expertise.
- Provide timely updates and reports.