Detection Engineer, Splunk Experience
Job Description
About the Company
Cyderes is a global cybersecurity powerhouse offering comprehensive solutions around managed security, identity and access management, and professional services. Cyderes provides the people, process, and technology modern enterprises rely on to manage risk, maintain compliance, and respond to security threats with greater speed, scale, and cost-efficiency than traditional in-house solutions. Born from the merger of two award-winning cybersecurity firms, Herjavec Group and Fishtech Group, Cyderes has six security operations centers and offices across the United States, Canada, the United Kingdom, and India.
About the Job
Cyderes is looking for a dedicated, creative, and experienced Detection Engineer I to join our managed services Engineering team. We are looking for someone who can apply their SIEM analysis, rule building, administration, and scripting experience to support and maintain detection content for customer SIEMs. This position will work with teams internally and clients externally to develop threat-informed detection rules, assist in requirements gathering for iterative rule deployment improvements, provide support, represent detection capabilities for SIEMs to internal teams and clients, improve and document team standard operating procedures, use data to generate actionable insights for the team and leadership, and perform ongoing enhancements. The candidate should be able to handle high-priority demands while driving consistent results and have a passion for delivering valuable data insights to clients. The candidate should also bring the right attitude to the team, including accountability, ownership, and positivity. We embrace a fast-paced work environment and are looking for like-minded individuals who have a passion for continual improvement, new ideas, tinkering with new projects, and creating solutions to complex problems.
Responsibilities:
- Design and work with partners to collect detection data and assist in generating meaningful insights
- Provide production support for multiple SIEM technologies (Splunk, Chronicle, Sentinel, QRadar, LogRhythm, etc.)
- Assist in the creation of business requirements for iteratively improving detection engineering workflows, processes and procedures
- Analyze data on detection rule performance to provide feedback and identify tuning opportunities
- Attend client calls when required to discuss detection rule requirements and capabilities
- Provide production support and solve complex business-vertical-specific issues
- Advocate for efficient and appropriate detection rules for our clients
- Participate in all agile meetings, providing feedback to the team and project managers
- Work cross-functionally with other members and teams within the entire Cyderes organization on a professional level
Requirements
Minimum Qualifications:
- Prior experience administering Splunk and one or more other SIEM platforms (Chronicle, Sentinel, QRadar, LogRhythm, etc.), including developing and implementing detection rules and/or saved searches using YARA-L, KQL, SPL, AQL, or another detection language
- Prior experience interacting with or administering common security technologies (SIEM, EDR, phishing protection, IDS/IPS, firewall, etc.)
- Prior experience analyzing data in common log formats (JSON, YAML, XML, CEF, CSV, etc.)
- Understands the basics of data/log analysis and the relationships between data sets
- Understands the basics of extracting, transforming, and loading data
- Understands the basic use of ITSM tools (Jira, ServiceNow, etc.)
- Understands basic security threats (insider threats, APTs, malware, emerging threats, etc.)
- Understands basic open-source intelligence gathering (IOCs, threat actors, etc.)
- Understands basic pattern matching (regular expressions)
- Understands the basics of security operations
- Strong written and oral communication skills; must be able to explain data and how detection rules use that data to an audience with a variety of technical skill levels
- Splunk or other SIEM certification is a plus
- Knowledge of Python or other scripting languages is a plus
- Knowledge of SQL is a plus
- Knowledge of CI/CD is a plus
- Knowledge of various DBMS platforms (Spanner, BigQuery, MySQL) is a plus
- Knowledge of interacting with APIs (Postman, Insomnia, curl, etc.) is a plus
- Knowledge of GCP environments is a plus
Date Posted
10/09/2023