Overview
Who we're looking for
A Cyber Security Detection Engineer who focuses on identifying and mitigating cyber threats through the development of detection mechanisms. This role is crucial in closing the detection gap between potential threats and the organization's ability to identify them. Detection engineers work within the SOC team to create and maintain detection rules, analyze alerts, and continuously improve security measures based on evolving threats.
What you'll be doing
- Design and Implement Detection Systems: Create systems and processes to detect malicious activities and behaviors, ensuring that detection mechanisms are tailored to the organization's specific environment and threat landscape
- Develop Detection Rules: Write and maintain detection rules in various security products to identify cyber threats effectively. This includes analyzing false positives and true positives to refine these rules continuously
- Utilize Threat Intelligence: Leverage cyber threat intelligence from our CTI team to inform detection strategies, translating strategic intelligence into actionable detection rules
- Collaborate with Other Teams: Work closely with threat hunters and incident response teams to develop automated detections based on observed suspicious activities
- Collaborate with Security Engineering to ensure logs are ingested, routed, filtered and parsed so that detections have the required log sources and log fields
- Continuous Improvement: Engage in ongoing learning and adaptation of detection strategies to keep pace with evolving cyber threats, including AI-based attack vectors
- Conduct reviews of current detection logic to identify any gaps, and participate with other teams in log ingestion reviews and requests to ensure the logging and detection strategy remains executable and relevant to the threat landscape
- Orchestration and Automation: Collaborate with other teams and the SOC to identify trends or improvements that can be made with AI/ML, automation or orchestration and implement automation, orchestration and AI/ML systems
- Incident Response: Detect and respond to malicious activities alongside the SOC analysts and Incident Response team
- Organization: Utilize CI/CD and Detection-as-code concepts to ensure the detection pipeline is scalable, maintainable and testable
- Mentorship: As a lead, collaborate and mentor junior members of the SOC in detection engineering concepts, design and implementation
Tech Requirements:
- Demonstrated experience with detection and response using EDR, SIEM, anti-ransomware, Cloud, Network, Identity and other security tools
Added bonus if you have
- A Bachelor's degree in a relevant field (e.g., Cybersecurity, Computer Science, Engineering, Information Technology) or equivalent work experience.
- Experience in a regulated industry (e.g., finance, healthcare, government).
- Proficiency in additional query and scripting languages (e.g., CQL, SQL, KQL, SPL, EQL, YARA, Bash, Python).
- 3-5 years of experience as a cybersecurity engineer
What we'll bring
During your interview process, our team will provide detailed information about our industry-leading benefits and career development opportunities. Here are a few highlights:
- A work environment built on teamwork, flexibility, and respect.
- Professional growth and development programs to help advance your career, including tuition reimbursement.
- Team Member Vehicle Purchase Discount.
- Toyota Team Member Lease Vehicle Program (if applicable).
- Comprehensive health care and wellness plans for your entire family.
- Toyota 401(k) Savings Plan with a company match, plus an annual retirement contribution from Toyota regardless of your own contributions.
- Paid holidays and paid time off.