Detection Engineer (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Detection Engineer (Cybersecurity): Developing and optimizing detection content for EDR and ITDR platforms with an accent on custom rule creation and telemetry analysis. Focus on mapping detections to the MITRE ATT&CK framework, researching attacker techniques, and reducing false positives to improve product coverage.
Location: Must be based in Orlando, FL (In-office position)
Company
is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools like Application Allowlisting and Ringfencing to secure servers and endpoints.
What you will do
- Develop, test, and maintain detection content for Endpoint and Identity Threat Detection platforms.
- Create and maintain custom Sigma, YARA, and Snort detection rules.
- Map detections to the MITRE ATT&CK Framework and continuously improve coverage.
- Analyze Windows telemetry and forensic artifacts to identify detection opportunities.
- Research attacker techniques, including persistence, privilege escalation, and defense evasion.
- Validate detection logic through threat hunting, malware analysis, and adversary emulation.
Requirements
- 3+ years of experience in Information Security.
- 2+ years of experience with EDR or ITDR technologies within an enterprise environment.
- Proficiency in creating custom Sigma, YARA, and Snort detection rules.
- Strong knowledge of Windows operating systems and forensic artifacts.
- Deep understanding of the MITRE ATT&CK Framework and its practical application.
- Must be based in Orlando, FL; this is an in-office position.
Nice to have
- Relevant certifications such as OSCP, GCFA, GCIH, GCIA, GCDA, GCTD, or GISP.
Culture & Benefits
- Opportunity to work with cutting-edge endpoint protection and identity security tools.
- Collaborative environment working closely with Threat Analysts and Security Researchers.
- Exposure to emerging threats, attack techniques, and industry best practices.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →