About the Role
This role involves building and maintaining detection capabilities to identify threats quickly, investigating security incidents, and improving response workflows across systems and teams.
Responsibilities
- Design and implement threat detection rules and analytics
- Monitor security alerts for potential incidents
- Conduct in-depth investigations of security events
- Respond to active threats using defined incident response procedures
- Collaborate with engineering teams to enhance system security
- Improve detection coverage across cloud and on-premises environments
- Analyze attacker tactics, techniques, and procedures
- Develop automation to streamline response workflows
- Maintain and update detection tools and platforms
- Document incident findings and remediation steps
- Support forensic investigations during breaches
- Tune detection systems to reduce false positives
- Participate in on-call incident response rotations
- Evaluate new security technologies for detection use
- Contribute to post-incident reviews and action plans
- Ensure compliance with security policies and standards
- Work with threat intelligence sources to inform detection logic
- Escalate critical findings to senior staff
- Maintain up-to-date knowledge of emerging threats
- Assist in security tool integration across environments
- Optimize logging and telemetry for detection purposes
- Support red team and purple team exercises
- Provide feedback to improve defensive tooling
- Track key performance metrics for detection efficacy
- Promote a culture of security awareness within technical teams
Nice to Have
- Master's degree in cybersecurity or related discipline
- Certifications such as OSCP, GCIH, or CISSP
- Hands-on experience with EDR platforms like CrowdStrike or SentinelOne
- Prior work in cloud-native security environments
- Experience with containerized and Kubernetes-based infrastructure
- Knowledge of deception technologies
- Familiarity with SOAR platforms
- Background in malware analysis
- Experience with digital forensics tools
- Contributions to open-source security projects
Compensation
Competitive salary and benefits package
Work Arrangement
Hybrid work model with flexible remote options
Team
Part of the cybersecurity operations team focused on threat detection and incident response
Security Philosophy
- We prioritize proactive detection over reactive measures.
- Security is integrated early in the development lifecycle.
- We believe in transparency during incident response.
- Continuous improvement drives our detection strategies.
- Collaboration between teams strengthens overall resilience.
Tools & Technologies
- Primary SIEM: Splunk
- Endpoint protection: CrowdStrike Falcon
- Cloud environment: Google Cloud Platform
- Automation: Python and custom scripts
- Version control: Git with GitHub Enterprise
Available for qualified candidates