FLEX Senior Detection Engineer

Job Location

Bethesda, MD - USA

Hourly Salary

$47 - 78

Vacancy

1 Vacancy

Job Description

Description
This is a temporary position.

This is a detection engineering role that leverages knowledge of monitoring, analyzing, detecting, and responding to cyber events and incidents to develop and implement effective monitoring and alerting for information systems and role is responsible for developing and tuning Security Information and Event Management (SIEM) and User Entity and Behavior Analytics (UEBA) content to monitor critical IT infrastructure and application logged events to detect cybersecurity and insider threats across the Marriott role produces high-quality documentation pertaining to detection development, monitoring logic, and other content creation role will also lead collaboration sessions for security monitoring use case ideation with partners in the cyber security tower and other business units.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor's degree in Computer Sciences or related field, or equivalent experience/certification

7 years of experience in Information Technology/Security

3 years of collective experience in one or all of the following:

o Splunk SIEM (Splunk Enterprise Security) threat detection use case development

o UEBA use case development for insider threat use case development

5 years of experience in some or all of the following:

o Experience working in (or with) security functions such as SOC, CIRT, security engineering, risk management, vulnerability management.

o Technical infrastructure operations, administration, or systems engineering

o Scripting or programming language including Python

Preferred Skills/Experience:

Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)

Offensive and defensive security certifications such as CEH, GIAC Cyber Defense, OSCP, or other related certifications

Splunk Certification including Splunk Enterprise Security Certified Admin

Use case development experience on the Exabeam platform

Working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022

Working knowledge of the MITRE ATT&CK Framework

Experience with security monitoring use case ideation for business applications and IT infrastructure

Familiarity with cloud service provider platforms (AWS, Azure, GCP), identity and access management systems, firewalls, next-gen antimalware, intrusion detection and prevention systems

Experience with Linux, Unix, and Microsoft operating systems

Knowledge of IP networking

Experience with a scripting language (*nix shell scripting, Python, PowerShell, etc.) and regular expressions

Solid written and verbal communication skills

Agile methodology

Core Responsibilities

Most Often:

Lead collaboration sessions within the cyber security tower and other business units to devise security monitoring use work entails the collection and collaborative analysis of security accreditation reports, threat models, documented security controls, architecture, and business usage patterns for security monitoring consideration.

Engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate.

Document prospective security monitoring use cases with MITRE ATT&CK mappings using standard templates and use cases will be reviewed with stakeholders for acceptance sign-off and to move forward with development.

Inform and consult other cyber ops teams of required data onboarding and integrations for use case development.

Develop analytics, correlation searches, dashboards, reports, and alerts within the SIEM and UEBA platforms.

Solicit feedback for pre-production security monitoring content through peer review process and user acceptance testing for tuning.

Document developed security monitoring content in a documentation registry using department standard templates and methodologies.

Manage field mapping and transmission of security monitoring alerts to the security incident response platform for SOC analyst consumption as outlined in process documentation.

Provide governance support for the content development function, entailing content development standards compliance, change management approvals for SIEM or UEBA content, and lifecycle management of developed security monitoring content.

Service operational requests in queue such as analytics content performance tuning, filtering, search refinement, parsing issues, etc.

Attend SCRUM and prioritization meetings to review and update deliverables.

Less Often:

Contribute to ongoing development and maintenance of documented standards, workflows, and best practices within the cyber threat detection engineering discipline.

Research emerging threats and adversary tactics, techniques, and procedures to understand the threat landscape and to ensure that security monitoring content remains relevant and effective.

Occasional participation in evaluations of new platforms, technologies, and methodologies pertaining to cyber threat detection engineering.

MANAGEMENT COMPETENCIES

Leadership

Communication: Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.

Leading Through Vision and Values: Keeps the organization's vision and values at the forefront of employee decision making and action.

Managing Change: Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.

Problem Solving and Decision Making: Identifies and understands issues, problems, and opportunities; obtains and compares information from various sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.

Professional Demeanor: Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.

Strategy Development: Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and of business plans through effective planning, organizing, and ongoing evaluation processes.

Managing

Building a Successful Team: Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization.

Strategy Ensures successful across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and ongoing evaluation processes.

Driving for Results: Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment of goals; proactively takes action and goes beyond what is required.

Building Relationships

Customer Relationships: Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company's service standards.

Global Mindset: Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement, and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.

Strategic Partnerships: Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business, and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.

Generating Talent and Organizational Capability

Developing Others: Supports the development of others' skills and capabilities so that they can fulfill current or future job/role responsibilities more effectively.

Organizational Capability: Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.

Learning and Applying Professional Expertise

Continuous Learning: Actively identifies new areas for learning; regularly creates and takes advantage of learning opportunities; uses newly gained knowledge and skill on the job and learns through their application.

Technical Acumen: Understanding and utilizing professional skills and knowledge in a specific functional area to conduct and manage everyday business operations and generate innovative solutions to approach function-specific work challenges.

o Technical Intelligence: Knowledge and ability to define and apply appropriate technology to enhance business process.

o Development Methodologies: General knowledge of SDLC and Agile framework and applicable development methodologies.

o Information Security: General information security knowledge, including best practices applicable to threat detection and security controls across networks, endpoints, and supporting technologies.

Business Acumen: Understands and utilizes business information to manage everyday operations and generate innovative solutions to approach business and administrative challenges.

Basic Competencies: Fundamental competencies required to accomplish basic tasks:

o Basic Computer Skills: Using basic computer hardware and software (e.g., personal computers, word processing software, Internet browsers, etc.).

o Mathematical Reasoning: The ability to add, subtract, multiply, or divide quickly, correctly, and in a way that allows one to solve work-related issues.

o Oral Comprehension: The ability to listen to and understand information and ideas presented through spoken words and sentences.

o Reading Comprehension: Understanding written sentences and paragraphs in work-related documents.

o Writing: Communicating effectively in writing as appropriate for the needs of the audience.

The pay range for this position is $47.35 to $78.03 per hour.

Washington Applicants Only: Employees will accrue 0.0334 PTO balance for every hour worked and are eligible to receive a minimum of 9 holidays annually.

FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 14 days after the date of this posting, March 18, 2025.


Marriott International is an equal opportunity believe in hiring a diverse workforce and sustaining an inclusive people-first are committed to nondiscrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.




Required Experience:

Senior IC

Employment Type

Full-Time
