Lead Engineer - Threat Detection Operations

Employer
Location
Brooklyn Park, Minnesota, United States
Posted
Aug 24, 2016
Closes
Mar 23, 2017
Category
Engineering
Employment Status
Full Time
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods- Define and implement security detection use cases and cyber hunting exercises

- Work directly with cyber threat intelligence analysts to convert intelligence into useful detection

- Collaborate with incident response team to rapidly build detection rules as needed

Minimum Qualifications and Experience:

- BA/BS in information technology, computer science, or related field OR commensurate experience

- Familiarity with host and network forensics concepts

- Ability to analyze packet captures (.pcap files)

- Experience with Splunk, Arcsight, Logger, or other SIEM-like platform.

Preferred Qualifications and Experience:

- Experience writing queries using the Splunk Search Processing Language (SPL) or comparable SEIM

- Experience developing content in ArcSight

- Ability to write Snort or Suricata Signatures

- Comfort writing scripts in Python and/or PowerShell

- Familiarity with application of "cyber kill chain" and "pyramid of pain" concepts

- Demonstrated ability to analyze details of security events ranging from simple low-sophistication attacks to more advanced adversaries

- Disk and memory forensics

- Basic malware analysis

- MS in information technology, computer science, network engineering, software engineering etc.

More jobs like this