CTO Detection & SOAR Engineer

About Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at https://www.trustwave.com.

Ideal Candidate

As a Detection & SOAR Engineer you play a critical role in our client’s team of cyber security professionals at their location in Washington D.C. If you enjoy looking through data sets for anomalies, researching malware, reading up on the latest adversary's techniques, tactics, and procedures, trying out new penetration tools and techniques to see what telemetry is generated, this position is for you.. We are looking for those who thrive in a fast-paced environment, operate autonomously with informed risk-taking, and excel as a creative problem solver committed to delivering exceptional customer outcomes.

Key Responsibilities

• Identify relevant data sources to determine threat-detection scenarios and use cases.
• Engineer specific, yet abstract detectors finding the ideal balance between an adversary's tactics, techniques, and procedures (TTPs).
• Automate threat-detection scenarios and use cases to improve Cyber Incident Response workflows.
• Provide Cyber Fusion enablement for requests to improve threat detection.
• Build threat detection models identifying relevant threats leveraging the Detection Development Lifecycle, Threat Detection Maturity and Alerting and Detection Strategy (ADS) Frameworks.
• Assess the effectiveness of threat detection practices and countermeasures across the Enterprise infrastructure and applications.
• Perform Cyber Fusion technology detection gap assessments, assist with developing the strategic enhancement roadmap.
• Participate in planning sessions related to Enterprise projects or new technologies to implement process improvement within the functional area.
• Maintain your technical operational skills and actively participate in cyber incident management when necessary.
• Stay current with governmental regulations applicable to reporting cyber incidents and how they impact operations and procedures.
• Participate in team training activities and tabletop exercises.
• Work a regular shift and be available for emergency on-call.

Qualifications:

• Bachelor's Degree in Computer Science, Information Systems, Software Engineering, Software Development, Applied Data Science and Machine Learning, or relevant field, and 7 years of relevant experience or 11 years of relevant work experience in Cybersecurity.
• Must possess 3 years of relevant experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC).
• Ability to think critically and like threat actors.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality threat detectors.
• Knowledge of MITRE ATT&CK, Mobile, and ICS Frameworks or equivalent.
• Knowledge of MITRE ATT&CK Navigator or equivalent.
• Knowledge of MITRE Engage and Defend Frameworks or equivalent.
• Skill in using multiple analytic tools, databases, and techniques. (e.g., Analyst's Notebook, divergent/convergent thinking, link charts, matrices, etc.)
• Skill to analyze and assess internal and external partner cyber operations capabilities and tools.
• Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.
• Proficiency in SIEM administration and use case development (3+ years).
• Experience with SOAR or workflow optimization platforms (2+ years).

Preferred Qualifications:

• Professional cyber security certifications – Security+, CEH, CISSP, etc.
• Hands-on experience with Red Team, Penetration Testing, Offensive Security, Applied Data Science and Machine Learning, Cyber Deception, Reverse-Malware Engineering

This is a hybrid opportunity requiring 1-3 days in the office per week. Candidate must be a United States citizen.

Trustwave is an Equal Opportunity Employer. We're committed to treating everyone with respect, one of our core TRUST Values, and strive to create a culture that empowers all Trustees to be their best, most authentic selves. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.