Role Summary
The Senior Threat Detection Engineer will execute the Business Application Security Monitoring (BASM) service, extending Threat Detection and Monitoring (TDM) to include business web applications. The role serves as a technical subject matter expert on attacker tactics targeting web apps, coaches junior team members, performs advanced data analysis, and collaborates with Incident Response and application owners. Location can be anywhere in the U.S. The role involves creating threat detection content by collaborating with application owners, using telemetry and logs in the SIEM.
Responsibilities
- Onboard new business applications for security monitoring by following the application onboarding process.
- Ensure application logs meet minimum logging requirements to enable standard monitoring use-cases.
- Collaborate with application SMEs to understand design and implementation, identifying security concerns.
- Perform data exploration and advanced data analysis to implement application-specific monitoring use-cases.
- Execute the detection content lifecycle: develop, analyze, document, and maintain detection content following TDM processes.
- Foster collaborative relationships with business application SMEs during and after enrollment.
- Support and encourage application teams to adopt enterprise SIEM for operational monitoring of critical apps.
- Lend technical expertise and coordinate defensive toolset engineering, including content creation and tuning of defensive platforms and new controls.
- Maintain knowledge of various web application architectures and hosting platforms (SaaS, IaaS, on-prem, dynamic and no-code/low-code).
- Collaborate with specialists and analysts on risk reduction through assessments and threat analysis.
- Provide recommendations to leadership to improve program maturity.
Qualifications
- Bachelor's degree and 7 years of experience, or Master's degree and 6 years, or PhD and 2 years in specialized information security.
- Expertise in data analysis using a modern SIEM; ability to interpret log data to infer activity, user actions, and anomalies.
- Ability to interact effectively with non-technical business contacts.
- Strong business acumen and ability to articulate technical impact and risk to diverse audiences.
- Deep knowledge of cloud hosting solutions and their use in web application development.
- Strong knowledge of web application architectures, hosting platforms, operating systems, network protocols, systems administration, and web app security technologies.
- Knowledge of SAML, SSO, OAuth, MFA, SSL/TLS, and related concepts.
- Understanding of cyber security terminology, threat landscape, and attack vectors.
- Thorough understanding of MITRE ATT&CK framework and practical applications.
- Willingness to be available for critical security issues as needed.
- Ability to author technical documentation and perform quality assurance reviews of peers' documents.
- Strong critical thinking, problem-solving, and analytical skills; ability to investigate and resolve issues.
- Ability to collaborate with peers and IT stakeholders; strong organization and attention to detail.
- Excellent written and verbal communication; ability to work independently and as part of a team with limited guidance.
Skills
- Threat detection content development
- Data analysis and SIEM analytics
- Web application security
- Incident response collaboration
- Technical documentation
- Risk assessment and mitigation
Education
- As listed in Qualifications
Additional Requirements
- Willingness to work remotely within the U.S. for critical issues as needed.