Group Manager, Threat Detection Engineering and Operations
About the position
Responsibilities
• Define detection engineering strategy, roadmap, and objectives
• Build and mature detection engineering processes and standard patterns
• Build new detection capabilities based on research of new attack techniques
• Evaluate, validate, tune, and sunset detection capabilities as needed
• Identify and close gaps in detection coverage
• Build runbooks and playbooks for SOC analysts to operationalize new detections
• Work with system owners, SIEM team, and Detection Operations to onboard and operationalize new data sources
• Define and manage coverage and efficacy metrics, reporting them on a regular cadence to leadership
• Lead root cause analysis for detection quality issues and direct next steps to address and prevent recurrence
• Participate in Cyber Incident Response Team (CIRT) rotation that may involve non-traditional working hours
Requirements
• BA/BS degree or higher in Computer Science, Cybersecurity or equivalent work experience
• 5+ years' industry experience in Incident Response or Security Operations activities
• 3+ years leadership experience in a SOC or similar role
• Proven track record of building scalable organizations that have world class threat detection capabilities
• Technical proficiency performing security investigations at scale, including endpoint, cloud, identity, network, and email threats
• Practical experience with Detection & Response tools for network, endpoints, cloud, and identity as well as SOAR platforms
• Hands-on experience with SIEM and Data Lake solutions (e.g., Splunk, Snowflake, S3)
• Expertise with query languages (SQL, SPL, BigQuery SQL)
• Strong fundamentals of Linux, macOS, and Windows operating system internals
• Deep understanding of attacker techniques, tools and procedures
• Understanding of cloud environments such as AWS, GCP, and/or Azure
• Proficiency creating and managing operational metrics that increase team efficiency and quality
• Experience with coding languages to build/automate (e.g., Python, Go)
• Experience working with security frameworks like MITRE ATT&CK or Lockheed Martin's Cyber Kill Chain; ability to track and discuss an attack through the Cyber Kill Chain
• Ability to manage effective relationships with organizational leaders, build a roadmap, and drive broad initiatives to completion
• Understanding of Machine Learning concepts as related to predictive analytics
• Experience with forensic data capture, analysis, and preservation
• Comprehensive understanding of the detection engineering field
Nice-to-haves
• Admin or Architect level knowledge of a SIEM (Splunk, Azure Sentinel, QRadar, etc.)
• In-depth knowledge of security standard processes in large-scale environments
• Ability to navigate hard conversations and disseminate information to team members
• Willingness and ability to accept responsibility and provide guidance to team members
• Effective organizational and planning skills, with the ability to successfully guide projects through to completion
• Experience with software development or security automation highly preferred
• CISSP or CISM certification preferred
• Hands-on experience with AWS Cloud (AWS Solutions Architect level of knowledge)
Benefits
• Competitive compensation package
• Cash bonus eligibility
• Equity rewards
• Comprehensive benefits package
• Regular pay equity comparisons across categories of ethnicity and gender