The Detection Engineer is responsible for facilitating the development & continuous improvement of Taniums internal cybersecurity detection program. Candidates will work closely with operations, engineering, architects & business units throughout Tanium to collaborate on threat models & ensure adequate detection mechanisms are in place for a changing threat landscape. This role will be required to balance strategic thinking & tactical hands-on execution. Candidates will enhance existing methods to measure the coverage & quality of detection while also prioritizing & driving efforts to close gaps. As such, candidates will often create or enhance existing detections mechanisms while ensuring alerts are properly transitioned to the security operations team. Candidates are expected to question the status quo to identify opportunities for continuous improvement & are enabled to take action to ensure the effectiveness of a distributed security program operating within DevOps centric workflows.
What you'll do:
- Drive a comprehensive security detection strategy applied consistently across the organization
- Develop comprehensive reports & metrics on the efficacy & long-term tracking of detection coverage
- Drive continuous development & tuning of detection measures
- Partner with security teams & business units to define appropriate log visibility & detection related gaps
- Lead continuous improvement efforts to evaluate detection capabilities & related tooling efficiency
- Build innovative ways to detect potential threats within on premise & cloud environments
- Collaborate with operations personnel to prioritize & close detective gaps
- Work with security architects & engineers to develop detective compensating controls based on threat models
- Drive standardization & repeatable processes & procedures within operations as it pertains to responding to threats
- Participate in the development & execution of threat hunting exercises
- Develop, implement, document & maintain SIEM & Detection engineering tooling management controls, standard operating procedures, narratives & test scripts.
- Plan, run, & participate in table top exercises
- Collaborate with engineering teams to develop automation to improve the efficiency of security operations
Were looking for someone with:
- Bachelor's Degree in Computer Science, IT or other relevant degree or equivalent work experience
- In accordance with Department of Defense requirements, applicants for this role must be a U.S. citizen, national, or resident pursuant to 8 U.S.C. 1101(a)(20) & 8 U.S.C. 1324b(a)(3)
- 2+ years working in a Security Operations or equivalent role
- 2+ years responding to threats in AWS (GCP, Azure, OCI are nice to have)
- Working knowledge of common frameworks (e.g., Mitre ATT&CK, CIS, FedRAMP)
- Ability to use data to derive meaningful metrics to drive prioritization
- Firm understanding of attacker tactics, techniques, & procedures & means of detection
- Ability to synthesize risks & derive detection countermeasures
- Experience with server, workstation, & containerization platforms
- Proficiency with security tools & platforms (e.g., SIEMs, vulnerability scanners, & malware analyzers)
- Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines, etc.)
- Familiarity with IDS/IPS systems & endpoint Antivirus & EDR products
- Experience analyzing cloud provider logs (e.g., CloudTrail) to identify & respond to security events
- Strong foundation in cloud-native investigative techniques & incident response methodologies
- Practiced with common cloud-based cybersecurity services (e.g. GuardDuty, Cloud Guard, Azure ATP)
- Detail oriented with ability to balance multiple project streams
At Tanium, we offer a proven platform for endpoint visibility & control that transforms how the world's largest & most sophisticated organizations manage & secure their computing devices with unparalleled speed & agility. Theres a reason why more than half of the Fortune 100, top retailers & financial institutions, & four branches of the US Armed Forces rely on Tanium.
Our unstoppable spirit, drive to do the right thing & win as a team attitude has earned us the rank of 7th on the Forbes list of Top 100 Private Companies in Cloud Computing for 2019 & 10th on FORTUNEs list of the 100 Best Medium Workplaces.
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, & diversity. In our pursuit of revolutionizing the way some of the largest enterprises & governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives & by our collective actions.
We are an organization with stakeholders around the world & its imperative that the diversity of our customers & communities is reflected internally in our team members. We strive to create a diverse & inclusive environment where everyone feels they have opportunities to succeed & grow because we know that only together can we do great things.
At Tanium, we take care of our employees & their communities with things like 5 days of Volunteer Time Off.