Offer summary

Qualifications:

Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent practical experience in cybersecurity., Hands-on experience with cyber threat detection engineering and anomaly detection., Solid understanding of threat intelligence and attacker methodology., Proficiency in Python scripting for automation and data analysis is a plus..

Key responsabilities:

Design, develop and maintain a comprehensive threat detection library including rules, alerts, and dashboards.

Deliver detection instrumentation across various data, tools, and technologies.

Collaborate with security engineers, analysts, and threat hunters to build effective threat detection capabilities.

Develop and scale detection, mitigation, and response automation tooling.

Job description

Job Title: Threat Detection Engineer
Location: San Jose, CA (Remote to candidates all over US)
Duration: 8 months
Contract Type: W2 only
Pay Rate: $56.34/Hour

Duties:

Threat Detection Library Development and Maintenance: Design, develop and maintain a comprehensive threat detection library including rules, alerts, and dashboards used to identify and respond to malicious activity.
Deliver detection instrumentation across a variety of data, tools and technologies including but not limited to endpoint, network, cloud, and identity platforms.
Develop and scale detection, mitigation, and response automation tooling.
Collaborate with other security engineers, analysts, threat hunters, threat intelligence, and red team to build effective threat detection capabilities.

Skills:

Hands on experience with cyber threat detection engineering, anomaly detection, risk scoring and behavior analytics as it applies to security.
Proven experience in building detection logic to identify suspicious or malicious behavior.
Solid understanding of threat intelligence, attacker methodology, and hardware/network forensics.
Experience with SIEM platforms (Splunk ES preferred).
Excellent analytical and problem-solving skills with the ability to think critically and under pressure.
Familiarity with CSIRT/SOC analyst and Incident Response procedures.
Strong written and verbal communication skills.
Collaborative outlook and ability to multi-task in a fast paced environment.
Experience with cloud security platforms (AWS, Azure, GCP).
Proficiency in Python scripting for automation and data analysis is a plus.
Experience EDR and/or CSPM is a plus.
Experience with Detection-as-Code or CI/CD is a plus.
Experience with Databricks or SQL-like query languages is a plus.
Experience with Splunk SOAR/Phantom or other SOAR technologies is a plus.
Experience with Machine learning, AI, LLMs is a plus.