This position is for our large cloud software client. In this role, the Threat Detection Engineer would spend their day leveraging their extensive technical cybersecurity experience to protect and enhance the organization's security posture. They would utilize their expertise in detection engineering, threat hunting, and incident response to identify and mitigate potential threats. This involves operationalizing cyber threat intelligence into high-fidelity detection logic and systematically developing and testing this logic against adversarial tactics, techniques, and procedures (TTPs). They would analyze logs from various sources, such as endpoints, applications, network appliances, and cloud environments, to detect anomalies and potential security incidents. With a strong understanding of cybersecurity fundamentals at the network, protocol, and host levels, they would use frameworks like MITRE ATT&CK and D3FEND to improve detection and response strategies. Additionally, they would employ SIEM platforms to monitor and respond to security incidents and proactively hunt for threats using investigative tools, techniques, and user behavior analysis.
Sure, here are the details in bullet points:
Main Function:
- Plan, coordinate, and implement security measures for information systems.
- Regulate access to computer data files.
- Prevent unauthorized modification, destruction, or disclosure of information.
Responsibilities:
- Plan, coordinate, and implement security measures to safeguard the computer database.
- Identify security issues and risks, and develop mitigation plans.
- Architect, design, implement, support, and evaluate security-focused tools and services, including project leadership roles.
- Develop and interpret security policies and procedures.
- Participate in security compliance efforts.
- Develop and deliver training materials and perform general security awareness and specific security technology training.
- Evaluate and recommend new and emerging security products and technologies.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
- 4+ years in a cyber security engineering position, ideally overall 6+ years working in IT security
- 3+ years of experience working in detection engineering and threat hunting
- Can write scripts for infrastructure as code (Python, Terraform, or Anisble) for maintaining cloud environments
- Experience with MITRE ATT&CK and D3FEND
- DevOps experience and/or building/maintaining cloud environments using infrastructure as code
- Technical understanding of cybersecurity fundamentals at the network, protocol, and host levels
- Must go onsite in Herndon. VA 1x per week
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.