Job Description
Senior Threat Detection and Response Engineer / Lead
About Our Organisation
Founded in 2018, our organisation specialises in providing offensive and defensive cybersecurity services for public cloud environments. Our service offerings include penetration testing, red/purple teaming, 24/7 managed security services, PCI DSS QSA assessments, and incident response.
We are an AWS Advanced Tier Services partner and one of only three companies in Australia to have achieved the AWS Level 1 Managed Security Services Provider competency. AWS has recently recognised our rapid growth, naming us as one of the four partners of the year in Australia and New Zealand alongside Crowdstrike, Mantel Group, and PredictHQ.
Our Values
- Customers are our compass: Our customers drive our decision-making processes. We are dedicated to our mission of protecting them and work backwards from that.
- We get things done: When we work on something we own it. We love solving difficult challenges and we never make excuses. We know time is valuable and we don't waste it.
- We are constantly learning: Our team is passionate about what we do and are hungry for knowledge. It excites us that the work we do lets us learn more every day.
- We are creators: There is always a better way and we are obsessed with continually improving how we do things. Invention is in our DNA and we are all about rewriting the rules.
- We take pride in our work: If a job's worth doing, it's worth doing well. We pay attention to detail, deliver quality, and encourage each other to be the best at what we do.
Why Join Us
Here's why passionate cyber professionals choose to work with us:
- We make a real difference: The work we do directly protects the global community from cybercriminals, making the digital world a safer place.
- We are at the forefront of innovation: Our customers are some of the brightest stars in technology, and we work closely with them to secure their cloud-native platforms.
- We are shaping the future of threat detection: We are crafting a cloud-native threat detection service that changes the way modern application environments are protected.
- We unlock potential with continuous learning: We invest in career growth with training programs, attendance at security conferences, and mentorship from cloud security experts.
- We are a collaborative fast-paced team: Our team is made up of experts in the industry who share a passion for cybersecurity and building innovative technology.
The Role
We are looking for a technical lead to join our fast-growing Threat Detection and Response (TDR) team and help us forge a next-generation cloud-native managed security service. This role would suit someone currently in a senior security operations or DevOps role who is looking to take the next step in their career and become an expert in cloud security.
Our philosophy is that solid defence requires intimate knowledge of offensive tactics. Our managed security service draws on our penetration testing and red team expertise to keep our TDR team across current cyber-attack techniques. This, combined with our cloud-native tooling and deep understanding of AWS services, allows us to deliver best-in-class protection for AWS customer environments.
The successful candidate will work closely with our experienced offensive security and incident response teams to understand the latest TTPs used in real-world breaches. That knowledge will be used to continually improve our next-generation threat detection service and protect our customers from cyber-attacks. Our customers include start-ups, scale-ups, enterprises, and state/federal government agencies, giving this role exposure to a range of technologies and industry sectors.
Your Responsibilities
Our in-house SIEM platform, built on Amazon Security Lake, ingests telemetry from AWS services, endpoint security products, and third-party SaaS vendors. You will work with our team to continuously improve the detection and investigation capabilities of the platform, using findings from our offensive team engagements and the MITRE ATT&CK® matrices to build detections for the latest IOCs and TTPs used by highly skilled adversaries.
You will be responding to alerts generated by our SIEM platform and investigating complex attack chains to ensure breaches are rapidly discovered and contained. Using penetration testing techniques, you will also validate any security exposures detected by our Attack Surface Management (ASM) platform and review the security of new customer assets identified by the platform discovery engine.
Your Typical Day
This is not a typical SOC role where you wait for SIEM alerts to come through. You will be constantly applying your current skillset across different areas and learning new skills every day. A typical day will include enhancing the capabilities of our TDR service, using exploit PoCs to validate real cyber threats, and giving security advice to customers in shared Slack channels.
Your daily activities will include the following:
- Investigating and responding to potential cyber threats:
  - Ownership through to resolution of alerts generated by our SIEM and ASM platforms.
  - Liaising with customers to provide updates on alert investigation status.
  - Escalating to our offensive security team for validation of complex exposures.
  - Closing alerts with investigation outcomes once appropriate action has been taken.
  - Review of new assets discovered by our ASM platform and assessing exposure risk.
- Developing high-signal threat detection rules:
  - Tuning existing rules to reduce false positive rates.
  - Developing new rules to search and alert on threat activity.
  - Engaging our offensive security team for rule testing.
- Building a best-in-class cloud TDR solution:
  - Updating event ingestion pipelines to enrich data for threat detection rules.
  - Monitoring CloudWatch metrics and modifying AWS service configurations as required.
  - Reviewing OpenSearch metrics and modifying index configurations as required.
  - Developing and maintaining runbooks that improve our threat detection processes.
  - Automating routine tasks such as filtering low-priority alerts and sending notifications.
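To make the "high-signal detection rule" and "tuning to reduce false positives" points concrete, here is an added example (not code from our platform) of a simple credential-stuffing-then-account-takeover detection run over constructed authentication events. The field names (`time`, `user`, `src_ip`, `status`) are assumptions loosely modelled on OCSF authentication records; the IP addresses and users are made up. The allowlist parameter shows the kind of tuning knob used to suppress a known benign source such as a customer's own scanner.

```python
"""Added example: detect a burst of failed logins from one source IP against
several users, followed by a success (MITRE ATT&CK T1110.004, credential
stuffing, leading to account takeover). Constructed data, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are an assumption loosely based on
# OCSF Authentication records, not a real Security Lake schema.
SAMPLE_EVENTS = [
    # Attacker sprays five users then lands on carol.
    {"time": "2024-05-01T10:00:00Z", "user": "alice", "src_ip": "203.0.113.7", "status": "Failure"},
    {"time": "2024-05-01T10:00:05Z", "user": "bob",   "src_ip": "203.0.113.7", "status": "Failure"},
    {"time": "2024-05-01T10:00:10Z", "user": "carol", "src_ip": "203.0.113.7", "status": "Failure"},
    {"time": "2024-05-01T10:00:15Z", "user": "dave",  "src_ip": "203.0.113.7", "status": "Failure"},
    {"time": "2024-05-01T10:00:20Z", "user": "erin",  "src_ip": "203.0.113.7", "status": "Failure"},
    {"time": "2024-05-01T10:00:30Z", "user": "carol", "src_ip": "203.0.113.7", "status": "Success"},
    # Legitimate user mistypes a password twice; one user only, so no alert.
    {"time": "2024-05-01T10:05:00Z", "user": "alice", "src_ip": "198.51.100.4", "status": "Failure"},
    {"time": "2024-05-01T10:05:20Z", "user": "alice", "src_ip": "198.51.100.4", "status": "Failure"},
    {"time": "2024-05-01T10:05:40Z", "user": "alice", "src_ip": "198.51.100.4", "status": "Success"},
    # Customer's own authorised scanner: looks like stuffing, tuned out via allowlist.
    {"time": "2024-05-01T10:10:00Z", "user": "frank", "src_ip": "192.0.2.10", "status": "Failure"},
    {"time": "2024-05-01T10:10:01Z", "user": "grace", "src_ip": "192.0.2.10", "status": "Failure"},
    {"time": "2024-05-01T10:10:02Z", "user": "heidi", "src_ip": "192.0.2.10", "status": "Failure"},
    {"time": "2024-05-01T10:10:03Z", "user": "ivan",  "src_ip": "192.0.2.10", "status": "Failure"},
    {"time": "2024-05-01T10:10:04Z", "user": "frank", "src_ip": "192.0.2.10", "status": "Failure"},
    {"time": "2024-05-01T10:10:05Z", "user": "grace", "src_ip": "192.0.2.10", "status": "Failure"},
    {"time": "2024-05-01T10:10:10Z", "user": "frank", "src_ip": "192.0.2.10", "status": "Success"},
]


def _ts(event):
    """Parse the ISO-8601 UTC timestamp used in the constructed events."""
    return datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")


def detect_stuffing_then_success(events, window=timedelta(minutes=10),
                                 min_failures=5, min_users=3, allowlist=()):
    """Return one alert per source IP that, inside `window`, failed at least
    `min_failures` logins spread across at least `min_users` distinct users and
    then authenticated successfully. Requiring several distinct users is what
    separates stuffing from a single user fat-fingering a password; `allowlist`
    is the tuning knob for known benign sources."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        if ip in allowlist:
            continue  # tuned out: known scanner / VPN egress for this customer
        evs.sort(key=_ts)
        for i, ev in enumerate(evs):
            if ev["status"] != "Success":
                continue
            t = _ts(ev)
            prior = [e for e in evs[:i]
                     if e["status"] == "Failure" and t - _ts(e) <= window]
            users = {e["user"] for e in prior}
            if len(prior) >= min_failures and len(users) >= min_users:
                alerts.append({
                    "rule": "credential_stuffing_then_success",
                    "attack_technique": "T1110.004",
                    "src_ip": ip,
                    "compromised_user": ev["user"],
                    "failures_in_window": len(prior),
                    "targeted_users": sorted(users),
                    "time": ev["time"],
                })
                break  # one alert per IP per evaluation; the analyst owns it from here
    return alerts


if __name__ == "__main__":
    for alert in detect_stuffing_then_success(SAMPLE_EVENTS, allowlist=("192.0.2.10",)):
        print(alert)
```

Run as-is, the rule fires once, for 203.0.113.7 taking over `carol`; drop the allowlist and the scanner at 192.0.2.10 produces a second alert, which is exactly the kind of false positive the tuning work in this role removes. In production the same logic would be expressed as a scheduled query against the lake rather than a Python loop, but the thresholds and the distinct-user condition carry over unchanged.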
You will also be using your client-facing and engineering skills to work collaboratively with the broader team on projects and periodic reporting. These activities will include:
- Assistance with onboarding new clients to our TDR and ASM platforms.
- Integration of new log sources for existing TDR clients.
- Generation of reports for our managed service clients.
- Presentation of report content to our managed service clients.
Your Experience
You will need 7+ years' experience in one or more of the following areas:
- Cyber security operations covering both endpoints and web applications.
- Full-stack web development using secure coding techniques.
- AWS DevOps/DevSecOps.
Your Skills
The following base technical skills are required for this role:
- Web Application Security: Ability to analyse HTTP requests and identify basic security issues; understanding of web application threats and attack vectors including:
  - Reflected/Stored/DOM-Based XSS
  - Server-Side Request Forgery
  - Credential Stuffing
  - Account Takeovers
- Endpoint Security: Understanding of endpoint cyber threats and attack vectors including:
  - Adversary in the Middle
  - Business Email Compromise
  - Info-Stealing Malware
  - Ransomware
- Network Protocols: Understanding of common internet protocols, including:
- Data Analysis: Ability to write advanced data queries using syntax such as SQL, DSL, KQL, or ES|QL; ability to extract relevant data in spreadsheets using formulas and functions.
- Linux Administration: Proficiency in Linux administration and use of core utilities; scripting for automation using Bash and Python.
- AWS Services: Configuration of basic AWS services via console and CLI, including:
  - EC2 Instances
  - Lambda Functions
  - Security Groups
  - IAM Permissions
Non-Technical Skills Required
- Clear communication of technical information to both technical and non-technical audiences.
- Problem-solving and critical thinking to approach problems from different angles and identify potential solutions.
- Ability to independently find information from internet resources and use that to solve complex problems.
- Strong organisational skills with the proven ability to meet deadlines in a fast-paced environment.
- Ability to make quick decisions under pressure, weighing risks and benefits to choose the best course of action.
- Ability to interpret data, identify patterns, and draw conclusions from complex information.