The Sr Detection Engineer leads the activities that enhance the organization's security posture by developing, implementing, and maintaining robust security monitoring and detection capabilities. This role requires in-depth expertise in threat identification and analysis, with a focus on identifying and investigating sophisticated threats. The Sr Detection Engineer will lead the development and implementation of advanced detection techniques, mentor junior engineers, and drive continuous improvement in the security monitoring program. They will actively contribute to the improvement of security processes and procedures, collaborate effectively with other security teams, and communicate security findings to both technical and non-technical audiences. This role requires a strong understanding of the evolving threat landscape and the ability to stay abreast of cutting-edge security research and technologies.
Responsibilities:
- Lead the design, development, and implementation of advanced security monitoring and detection capabilities.
- Mentor and guide junior Detection Engineers.
- Analyze security logs from various sources, including firewalls, intrusion detection systems (IDS/IPS), endpoint detection and response (EDR) systems, applications, and cloud provider platforms.
- Develop and maintain high-fidelity security monitoring rules and alerts using consistent and repeatable processes.
- Develop, optimize, and facilitate the use of repeatable templates, documentation requirements, and procedures.
- Develop, maintain, and improve an alert lifecycle, and periodically review alerts for relevancy, efficacy, and potential for improvement.
- Lead multi-team meetings to capture feedback, share information, refine alerts, and facilitate a collaborative working environment.
- Be knowledgeable and share information about detection engineering best practices for skills, technology, and processes.
- Investigate threat intelligence and security incident data to create and refine detection logic.
- Stay on top of industry news and investigate and prioritize detections as part of a threat-informed defense.
- Stay current on emerging threats, vulnerabilities, and attack techniques.
- Participate in security incident response activities as needed.
- Collaborate effectively with other security teams, including incident response, threat intelligence, vulnerability management, and application security.
- Develop relationships to cultivate internal and external intelligence and emulate threat activity to support detection creation and test detection efficacy.
- Analyze and prioritize detection coverage relative to existing industry standard frameworks (e.g. MITRE ATT&CK).
- Enhance team capabilities through ongoing research, automation (scripting, etc.), and the development of new tools and methodologies to improve threat detection and incident response capabilities.
- Develop and lead special projects such as evaluating new security tools and technologies, developing proof-of-concept solutions, and building tools/capabilities to solve specific security challenges.
Qualifications:
Basic Requirements:
- 7 years of hands-on cybersecurity experience in detection engineering, threat hunting, incident response, digital forensics, cyber intelligence, or related fields.
- 2 years of detection engineering experience.
- Experience in network and host-based analysis and investigation. Excellent understanding of operating systems and investigation of threat actor techniques in Windows, Linux, and macOS.
- Expertise in Splunk Search Processing Language (SPL), SQL, LogScale, and Endpoint Detection and Response (EDR) tools, or other SIEM technologies and query languages.
- Understanding of complex enterprise networks, to include endpoint, network, email, identity management, and administration systems.
- Deep understanding of network and host-based security concepts, including protocols (HTTP, DNS, SMB), operating systems (Windows, Linux, macOS), authentication protocols, and security tools (SIEM, EDR, SOAR).
- Excellent analytical and problem-solving skills; detail-oriented and able to communicate process and findings verbally and through reports.
- General understanding of various cloud technologies and the security implications behind them.
- Experience crafting logic that detects threats in user, network, host, or cloud activity in a high-fidelity manner.
- Hands-on technical expertise in building scripts, tools, or methodologies that enhance threat detection and incident response capabilities (preferably SPL and Python).
- Knowledge of industry-recognized security and analysis frameworks (MITRE ATT&CK, Chain, NIST Incident Response, etc.).
- Must be self-motivated and able to work both independently and as part of a team.
- Willingness to provide support during non-traditional working hours in an on-call fashion.
Additional Requirements:
- Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.
This position is eligible for company-sponsored benefits, including medical, dental, and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website.
Salary range: $125,000 to $165,000 (bonus eligible).
We are accepting applications for this position on an ongoing basis.
Additional Information:
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers as a result of your disability. You can request reasonable accommodations by emailing
For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.
Remote Work:
Yes
Employment Type:
Full-time