Threat Detection Engineer

Job Category: Threat Detection Engineer
Job Type: Contract
Job Location: San Antonio, TX

Position: Threat Detection Engineer
Location: San Antonio, TX (Day 1 Onsite)
Visa status: strictly no F1, OPT, OPT EAD, L2 EAD or H4 EAD work permit holders.

• 5+ years of information security related experience, in areas such as: security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration.
• Create detection use cases for various threat actors and attack scenarios
• Create use cases covering the MITRE ATT&CK framework
• Convert existing HX use cases into Sysmon-based detections
• Maintain and tune high-fidelity, low-noise alerts that identify and prioritize critical issues, minimizing false positives and improving the overall security posture
• Develop and maintain high-quality threat detection rules, queries, and alerts based on identified use cases, threat scenarios, and structured threat intelligence
• Monitor and respond to web application firewall alerts
• Conduct regular reviews and assessments of detection rules and automated workflows to ensure optimal performance, effectiveness, and accuracy
• Proficiency in SIEM tools (e.g., Splunk), including rule creation, query writing, and alert management.
• In-depth packet analysis skills, core forensics familiarity, incident response skills, and the ability to fuse data from multiple security data sources.
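The Sysmon detection and alert-tuning duties listed above, illustrated as an added example (this is not code from the employer or the posting): two process-creation use cases mapped to MITRE ATT&CK technique IDs are run over a handful of constructed Sysmon Event ID 1 records, with a tuning allowlist that suppresses a known-good encoded-PowerShell job so it does not generate a false positive. The event XML is a simplified form of the Windows event shape (namespace omitted), and the rule names, allowlist entry, hosts and users are all invented for the example.

```python
"""Added example: Sysmon Event ID 1 detections mapped to ATT&CK, with allowlist tuning."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable

# Constructed Sysmon process-creation (Event ID 1) records. Not real telemetry;
# the XML namespace is omitted to keep the sample short.
SAMPLE_EVENTS = [
    # 1: Word spawning hidden, encoded PowerShell -> both rules should fire
    r"""<Event><System><EventID>1</EventID></System><EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgA</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="User">CORP\jdoe</Data></EventData></Event>""",
    # 2: management service account running an encoded command -> allowlisted (tuned out)
    r"""<Event><System><EventID>1</EventID></System><EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -NonInteractive -EncodedCommand dwBoAG8A</Data>
    <Data Name="ParentImage">C:\Windows\CCM\CcmExec.exe</Data>
    <Data Name="User">CORP\svc-sccm</Data></EventData></Event>""",
    # 3: benign activity -> no alert
    r"""<Event><System><EventID>1</EventID></System><EventData>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
    <Data Name="CommandLine">notepad.exe C:\Users\asmith\notes.txt</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
    <Data Name="User">CORP\asmith</Data></EventData></Event>""",
    # 4: Excel spawning cmd.exe -> Office-to-script-host rule fires
    r"""<Event><System><EventID>1</EventID></System><EventData>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE</Data>
    <Data Name="User">CORP\asmith</Data></EventData></Event>""",
]

SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")
OFFICE_APPS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")


@dataclass
class Rule:
    name: str
    technique: str  # MITRE ATT&CK technique ID the use case maps to
    match: Callable[[dict], bool]


@dataclass
class Alert:
    rule: str
    technique: str
    image: str
    user: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, for case-insensitive comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_sysmon_event(xml_text: str) -> dict:
    """Flatten one Sysmon event into {"EventID": ..., "<Data Name>": value, ...}."""
    root = ET.fromstring(xml_text)
    event = {"EventID": root.findtext("./System/EventID")}
    for data in root.iterfind("./EventData/Data"):
        event[data.get("Name")] = data.text or ""
    return event


# Accepts the common abbreviations PowerShell allows for -EncodedCommand (a subset).
ENCODED_FLAG = re.compile(r"(?i)(^|\s)-(e|ec|en|enc|encodedcommand)\b")

RULES = [
    Rule("Encoded PowerShell command line", "T1059.001",
         lambda e: e["EventID"] == "1"
         and basename(e.get("Image", "")) in ("powershell.exe", "pwsh.exe")
         and ENCODED_FLAG.search(e.get("CommandLine", "")) is not None),
    Rule("Office application spawning script host", "T1566.001",
         lambda e: e["EventID"] == "1"
         and basename(e.get("ParentImage", "")) in OFFICE_APPS
         and basename(e.get("Image", "")) in SCRIPT_HOSTS),
]

# Tuning allowlist: (rule name, regex over "User|CommandLine"). Constructed entry
# for a hypothetical software-deployment service account; keep such entries narrow.
ALLOWLIST = [
    ("Encoded PowerShell command line", r"^CORP\\svc-sccm\|.*-EncodedCommand"),
]


def is_allowlisted(rule: Rule, event: dict) -> bool:
    key = f"{event.get('User', '')}|{event.get('CommandLine', '')}"
    return any(name == rule.name and re.search(pattern, key) for name, pattern in ALLOWLIST)


def run_detections(raw_events: list[str]) -> list[Alert]:
    """Apply every rule to every event, dropping matches covered by the allowlist."""
    alerts: list[Alert] = []
    for raw in raw_events:
        event = parse_sysmon_event(raw)
        for rule in RULES:
            if rule.match(event) and not is_allowlisted(rule, event):
                alerts.append(Alert(rule.name, rule.technique, event.get("Image", ""), event.get("User", "")))
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(f"[{alert.technique}] {alert.rule}: {alert.user} ran {alert.image}")
```

The allowlist is keyed on both the rule and a regex over user and command line rather than on the user alone, so the service account is only exempted from the one rule it is known to trigger; exempting an account wholesale is how tuned-out alerts turn into blind spots.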

• Scripting and automation
• System administration on Unix, Linux, or Windows
• Network forensics, logging, and event management.
• Defensive network infrastructure (operations or engineering).
• Vulnerability assessment and penetration testing concepts.
• Malware analysis concepts, techniques, and reverse engineering.
• In-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, and scanners), with a commitment to continuously improving these skills.
• Familiarity with common cybersecurity frameworks such as NIST, other leading practices, and industry standards.
• Relevant security certifications such as CISSP, GCIH, GCIA, or similar are highly desirable.

