Senior Threat Detection Engineer (Remote)

AbbVie
Full-time
Remote friendly (Worcester, MA)
United States
$106,500 - $202,500 USD yearly
IT

Role Summary

Senior Threat Detection Engineer (Remote) responsible for executing the Business Application Security Monitoring (BASM) service, extending Threat Detection and Monitoring (TDM) to include business web applications, coaching junior team members, and collaborating with Incident Response teams and application owners.

Responsibilities

  • Onboarding new business applications for security monitoring following the application onboarding process.
  • Ensuring application logs meet minimum logging requirements to enable standard monitoring use-cases.
  • Collaborating with application SMEs to understand application design and implementation, identifying specific security concerns.
  • Performing data exploration and advanced data analysis to implement application-specific custom monitoring use-cases.
  • Executing the detection content lifecycle: developing, analyzing, documenting, and maintaining detection content per TDM processes.
  • Fostering collaborative relationships with business application SMEs during and after enrollment.
  • Supporting and encouraging application teams to adopt enterprise SIEM for operational monitoring of critical apps.
  • Providing technical expertise and coordinating defensive toolset engineering, including content creation, tuning, expanding defensive platforms, and implementing new controls.
  • Maintaining knowledge of various web application architectures and hosting platforms (SaaS, IaaS, on-prem, dynamic and no-code/low-code).
  • Collaborating with specialists to contribute to risk reduction efforts, including assessments and threat research.
  • Providing recommendations to leadership to improve program maturity.

Qualifications

  • Bachelor's degree and 7 years, Master's degree and 6 years, or PhD and 2 years of specialized information security experience
  • Expertise in data analysis using a modern SIEM and interpreting log data to infer application activity, user actions, and anomalies
  • Ability to interact effectively with non-technical in-business contacts
  • Strong business acumen with ability to assess, understand, and articulate technical impact and risk
  • Deep knowledge of cloud hosting solutions and their use in web application development
  • Strong knowledge of web application architectures, hosting platforms, operating systems, network protocols, systems administration, and security technologies
  • Knowledge of SAML, SSO, OAuth, MFA, SSL/TLS, etc.
  • Strong cybersecurity terminology and understanding of threat landscape and attack vectors
  • Understanding of MITRE ATT&CK framework and practical applications
  • Willingness to be available for critical security issues
  • Ability to author technical documentation and perform QA reviews
  • Critical thinking, problem-solving, and analytical skills
  • Collaborative with peers and business/IT stakeholders
  • Strong organization, attention to detail, and professional communication
  • Ability to work independently and as part of a team; able to execute with limited guidance

Skills

  • Threat detection and monitoring
  • Data analysis and SIEM proficiency
  • Web application security technologies
  • Threat modeling and risk assessment
  • Technical documentation and communication

Education

  • As listed in Qualifications