Detection Engineer

POSITION OVERVIEW

Fidelity National Financial (FNF) is seeking a Detection Engineer to join our Information Security Office (ISO). The primary purpose of this position is to maintain and improve security detections within FNF. This role is specifically focused on email security. This role can sit 100% remote.

DUTIES & RESPONSIBILITIES

• Research adversary tradecraft, translate threat intelligence into detection logic
• Tune and optimize existing detections to reduce alert fatigue while maintaining detection fidelity
• Perform regular detection coverage and gap analysis assessments
• Document detection logic, response guidance, and follow-on analysis to support SOC and incident responders
• Represent detection engineering to cross-functional security teams in meetings, including priorities, capabilities, and progress
• Collaborate with other teams including threat intelligence, incident response, and security operations for detection authoring and improvements.
• Represent detection engineering to cross-functional security teams in meetings, including priorities, capabilities, and progress
• Contribute to detection program standards and processes
• Other tasks and responsibilities as assigned

MINIMUM REQUIREMENTS

• Bachelor's degree or the equivalent combination of education and work experience
• 5+ years experience in cybersecurity/information security
• Strong experience with Python, including logging, testing, object-oriented concepts, and designing ergonomic tools.
• Security monitoring experience with one or more SIEM technologies and query languages (SQL, XQL, SPL, KQL, etc.)
• Detection engineering experience including threat modeling, detection tuning, and metrics-driven-detections
• Experience in one or more security domains - defensive analyst, malware reversing, offensive security, open-source intelligence, threat intelligence
• Detail oriented with strong organizational skills
• Exceptional written and oral communication skills

PREFERRED EXPERIENCE

• Experienced in detection validation, with a desire to prove coverage
• Familiar with email analysis and security
• Experience with detection-as-code, ideally in a continuous integration and continuous delivery (CI/CD) pipeline
• Hands on experience with popular Breach-as-a-service tools for validation, coverage analysis, and threat modeling
• Familiarity with Git-based workflows including branching, pull requests, and peer review

COMPENSATION & BENEFITS

This position has the potential to earn compensation in the range of $120,000 - $160,000 annually based on location and job-related factors such as skillset and experience. Actual rate may vary within the range provided, depending on a number of factors, including skillset, experience and location.  The base compensation is one component of the total rewards package offered to our employees, including optional health and welfare insurance (medical/dental/vision/life/disability); paid holidays, vacation, and sick time off; and matching 401(k) plan and matching employee stock purchase plan.