
Threat Detection Engineer

Company:
Lumifi Cyber
Location:
Scottsdale, AZ, 85257
Posted:
April 17, 2024
Job Description

Threat Detection Engineer

Full-Time, Exempt

Location: Scottsdale, AZ; On-site

Salary: Competitive Base + Options!

Lumifi is looking for motivated individuals to fill threat content developer positions. Candidates should have ample exposure to network security principles, threat detection practices, and rule writing, along with first-hand experience working in a security operations center or security engineering environment. Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a fast-paced workplace. The position is located at our Scottsdale, AZ office.

Primary Duties:

Proactively threat hunt and identify misconfigurations within a SIEM solution. Additionally, be able to provide strategic recommendations and assist in guiding the customer to resolution.

Threat research and rule writing for various SIEM platforms.

Identify gaps in log collection, signatures, and indicator of compromise (IOC) visibility, then work with the customer success and engineering teams to improve detection capabilities.

Identify advanced malicious activity that has evaded traditional security monitoring capability.

Assist customers with requests to help integrate the SIEM into their environment and workflows.

Required technical skills:

Must have general knowledge of SIEM functionality and usage

Knowledge of endpoint detection and configuration of alerts

Strong understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall).

First-hand security operations center (SOC) experience performing analyst/security engineer duties.

Deep understanding of how malicious traffic appears on the network. Rule and/or query writing experience in at least one SIEM.

Must have strong threat detection knowledge and intuition.

Should understand content testing, implementation, and revision cycle.

Must understand how to gather threat intelligence and identify IoCs for use in detection mechanisms at both the host and network level.

Candidates should also have exposure to a wide variety of network and host logging formats (EDR/EPP, syslog, CEF, Windows Event Logs, Sysmon, firewall, DNS, Office 365, etc.).

Prior experience and knowledge with threat intelligence, managing a threat intelligence platform (TIP), and/or managing/monitoring honeypot infrastructure is a plus.

Recommended certifications: GIAC 400/500-level certifications (or industry equivalent).

Required experience (Minimum): 2-3 years of direct involvement with security operations, security engineering, threat analysis, incident response, and/or threat detection. Prior consulting or advisory experience preferred.

Benefits Include:

Health Insurance 80% paid by employer

Dental Insurance 80% paid by employer

Vision Insurance 80% paid by employer

Short-term disability 100% paid by employer

Self-managed vacation policy

Paid sick leave

Paid holiday leave

All candidates must be eligible to work in the U.S. for any employer.

Lumifi welcomes and encourages diversity in our workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability. Lumifi participates in E-Verify.
