This ad was taken from the employer's site; the HelloWorld site does not guarantee that it is up to date.

Detection Engineer

CyberMaxx

Remote

11.09.2025.

Tags: IPS, SOC, intermediate

At CyberMaxx, we believe it is our duty to defend against those committed to wide-scale societal disruption through cyberattacks.

We help our customers reduce risk by tightly integrating MDR with offensive security, threat hunting, security research, and digital forensics and incident response (DFIR) to continually adapt to new and evolving threats. Our modern MDR (Managed Detection & Response) approach is tailored to the unique characteristics and risk factors of each customer, enabling us to take full ownership of the response process and, optionally, manage key security controls. By thinking like an adversary and defending like a guardian, we help our customers stay a step ahead of threat actors. 

At CyberMaxx, we value humility, transparency, intellectual curiosity, and a customer-first approach.

As a Detection Engineer, you will be responsible for developing new rules, testing and validating them, monitoring rule performance, participating in threat hunting activities, and providing technical support during security incidents. 

What You Will Do:

  • Create new rules and configurations based on threat intelligence, security research, and incident response reports.
  • Test and validate new and updated rules and configurations to ensure they effectively detect and respond to security threats.
  • Collaborate with other engineers and participate in detection-as-code peer reviews and approval process.
  • Document rule changes and provide clear and concise reports to clients and management.
  • Monitor rule performance and fine-tune them to optimize detection accuracy, minimize false positives, and increase the efficiency of the SOC.
  • Collaborate with the SOC to identify opportunities for process improvements and ensure the team's rules and configurations are optimized for effective threat detection and response.
  • Provide technical support to the SOC during security incidents, helping to identify and mitigate security threats through the creation or customization of detections.
  • Participate in client meetings to provide updates on rule changes and answer any questions they may have.
  • Maintain up-to-date knowledge of the latest security tools and technologies, including CrowdStrike, Microsoft Defender, SentinelOne, IDS/IPS devices, Devo, Splunk, Exabeam, etc.
  • Participate in training sessions to ensure knowledge and skills remain current.

What You Need to Be Successful: 

  • 2+ years of cybersecurity industry work experience preferred
  • Experience with one or more SIEM platforms
  • Experience with one or more EDR platforms
  • Strong analytical skills required
  • Ability to review reports and system activity logs to identify critical events, prioritize, and escalate as appropriate
  • Ability to make meaningful contributions to incident response and threat hunting activities
  • Must have excellent written and verbal communication skills and ability to present information to senior management, technical, and non-technical staff
  • A strong understanding of common tactics, techniques, and procedures (TTPs), incident response, and threat intelligence

Desired:

  • DFIR knowledge or experience
  • Dynamic malware analysis experience
  • Network forensics experience
  • Experience in Security Operations
  • Good understanding of operating systems
  • Experience with version control systems, such as git
  • Experience with Sigma (the generic signature format for SIEM systems)
  • Experience with attack simulation in a lab environment
  • Experience with one modern programming language

CyberMaxx will consider all qualified applicants without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, disability, veteran or military status, age, genetic information, or other characteristics protected by federal, state, or local applicable law.  
