Cyber Threat Engineer - Global Threat Operations

About Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at https://www.trustwave.com.

A Cyber Threat Engineer is a member of the Threat Detection and Response (TDR) team within Trustwave Managed Security Services (MSS). This team specifically will act as the monitoring and response extension of a Digital Forensics and Incident Response Services (DFIR) team to provide 24/7 monitoring. In addition to possessing technical knowledge, a Threat Engineer interacts extensively with customers and partners using polite professional etiquette and serves as a technical point of escalation within TDR.

Cyber Threat Engineers Perform The Following Duties

• Analyze escalated, complex cases involving a pattern of security events from endpoint detection and response technologies.
• Resolve intractable technical problems within managed security solutions as part of a sustained improvement project.
• Create, improve, and document processes for the management and monitoring of security solutions.
• Tune devices for blocking and reporting based on customer business need.
• Baseline threat detection devices for complex and potentially breached customer environments.
• Test and improve endpoint detection, protection, and response policies.
• Take responsibility for customer satisfaction and overall success of managed services.
• Timely respond to questions and concerns of the DFIR and client security teams concerning incident investigation and response.
• Adhere to policies, procedures, and security best practices.
• Resolve problems independently and understand appropriate documentation and escalation procedures.
• Perform rotating on-call duties (nights/weekend rotations).
• Act as a mentor and escalation point for analysts within the Threat Detection and Response team.
• Working hours: 12:00 p.m. UTC- 11:00 p.m. UTC (Wednesday - Saturday shift)
  
  

Skills & Knowledge Requirements

Must have intermediate skills/knowledge in some of the following:

• Cyber investigation and incident handling best practices
• Endpoint Detection and Response
• Unix/Linux and Windows system administration
• Current exploit and remediation techniques
• Threat Hunting and Investigation
• Web Services Administration
• Log collection and analysis tools
  
  

Desired Experience

• Advanced Palo Alto Cortex XDR
• Intrusion analysis experience
• Incident handling and documentation
• Excellent customer service skills
• Excellent analytical thinking and problem-solving skills
• Strong oral and written communication skills
• Self-managed and team oriented
• Deadline and detail oriented
• Highly motivated
  
  

Preferred

• Intermediate to advanced experience in Information Security related areas
• Certified in Security related Industry, Vendor or Professional Certification- GCIA, GCIH, Security+, OSCP, or CEH preferred.
• Certified in Vendor Specific Incident Handling and Investigation Certifications:
• Palo Alto Networks Systems Engineer: Cortex Associate
• Palo Alto Networks Systems Engineer: Cortex Professional
• Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA)
• SentinelOne Incident Response
• Crowdstrike Certified Falcon Responder (CCFR)
  
  

Education

• A high school diploma or equivalent is required; a college or university degree is a plus.
  
  

This is a remote opportunity open to anyone legally authorized to work in the USA. Guided by our flexible workplace philosophy, Moments That Matter, people gather in the office when in-person interaction is most impactful; full-time remote employees may be asked to travel occasionally based on the needs of the team and the business.

Trustwave is an Equal Opportunity Employer. We're committed to treating everyone with respect, one of our core TRUST Values, and strive to create a culture that empowers all Trustees to be their best, most authentic selves. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.

To All Agencies

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.