Director, Detection & Response Engineering

Imagine yourself as a SOC analyst and a new alert pops to the top of the queue. You open the alert and all of the data you need to make a decision is present. In just a few seconds you’ve notified the customer of a potential security incident. After completing the investigation, you find yourself waiting in vain for another alert to appear in the queue (hey, we’re dreaming here, right?!). An alert finally pops up but it’s immediately triaged by the system; a combination of AI and automation classified the alert as benign, leaving you time to finish your research into the latest MFA bypass techniques.

Now, imagine you lead the teams that enabled both of these scenarios. Your teams created the detection logic that produced the alert, built the response actions that enriched the alert, and automated the SOC playbook that made the decision. You prioritized this work with the data-driven detection program you’ve established.

But you can’t stop at the prioritization and creation of content. Your team is also a core driver of the continuous evolution of the platform. You have a running list of the features you need built to mitigate the running-even-faster list of emerging TTPs, and it's all backed up with research. The research spikes you prioritized are informed by the continuous detection gap analyses your teams perform of the attacks we see every day. This is why you worked so closely with the Data Science team to build the ML model that now safely auto-closes false positive alerts.

What Expel can do for you

• We will place you in a critical leadership role that is central to the success of Expel’s business. You will not be limited in opportunity to shine and deliver results.
• We will enable you to deliver detection outcomes for our customers immediately within our existing platform, and with that experience to define how we evolve the platform.
• We will facilitate your research through access to one of the most exciting security data sets in the industry! With data originating from 100+ integrations and spanning every category of security product under the sun well, the sun's the limit.

What you can do for Expel

• Create the strategy and operational processes to rapidly support the ingestion of new security signals, deliver world-class detections, build effective automation, and ultimately drive the security value and scalability of the MDR service.
• Create processes and tools to measure our adherence to this strategy. Maintain and evolve the strategy to balance the needs of our customers and our SOC, in terms of both coverage and efficiency.
• Structure your teams to support rapid service delivery, while maintaining a consistent focus on innovation. Strike that perfect balance between reactive and proactive.
• Lead, inspire, and organize multiple, high-performing teams of detection and response engineers.

What you should bring with you

• 10+ years in threat detection and incident response within the context of managed services, incident response, security product research teams, and/or large enterprise security teams.
• 5+ years mentoring security analysts, researchers, engineers, or data scientists.
• A deep understanding of attack surfaces, corresponding attacker behaviors, how behaviors map to MITRE ATT&CK, and how to deliver coverage for those behaviors.
• Experience with a wide range of security solutions across categories such as Endpoint, Network, Cloud, Identity, SIEM/XDR, and security orchestration.
• Experience implementing cybersecurity schemas such as OCSF, ASIM, CIM, or ECS to accelerate detection and response delivery is a plus.
• Knowledge of common ML techniques and experience applying machine learning techniques in cybersecurity is a plus.