Threat Detection Architect (US Remote)
Job Description:
Anomali is looking for a skilled threat hunter, analyst, and detection engineer/architect to join our SOC. Previous experience as a T3 SOC analyst, threat hunter, and advanced SIEM detection engineer is preferred. This individual will be responsible for proactively detecting, isolating, and mitigating threats, while building new threat hunts and detections around system- and business-process-specific adversary threat models. This individual will work closely with our Advanced Threat Research (ATR) team, Cyber Fusion Content Development team, and Security Operations Team to leverage Anomali’s core capabilities along with other industry-leading cybersecurity products to build and implement novel threat detection and hunting capabilities. You will also leverage Anomali’s AI Copilot and provide direct input into Anomali Language Learning Models (LLMs) for building content related to threat hunting, incident response, adversary threat models, and detection methodology.
Key Responsibilities:
o Proactively build SOC detections to investigate, detect, isolate and mitigate endpoint-, identity-, network-, cloud-, email-, and data-based threats across enterprise systems and data stores
o Develop a periodic, triggered, and continuous threat hunting strategy
o Use a threat-model-based approach to develop detections and threat hunts
o Develop templated and repeatable processes for automated and manual security incident triage, response, and mitigation using Anomali’s market-leading Security Operations Platform
o Build Anomali Query Language (AQL) SIEM detections using a combination of currently existing detections (e.g. Sigma rules), newly developed detections, and UEBA analytics algorithms to streamline detection and response
o Properly orchestrate and configure existing tools and enterprise systems to generate detections for malicious behavior, insider threat, and LOL processes and procedures
o Map detections and threat hunts to MITRE ATT&CK methodology as needed
o Utilize Attack Flow and IOAs to build incident detection blueprints and response playbooks
o Build data dashboards to provide insights, analytics, and holistic understanding of SOC operations, including the reduction in mean time to respond (MTTR)
o Build a security tools and data exploitation and optimization model and methodology that measures return on security investment and SOC operations effectiveness
o Serve as an expert advisor on SOC analyst incident response, detection engineering, and threat hunting to internal product teams, content-development teams, and customers
o Provide direct input into AI language learning models and capabilities
o Manage and mentor SOC analysts and threat hunters in the creation of automations, triage of detections, and execution of computer incident response processes
Qualifications
Required Skills/Experience:
o Minimum 5+ years of work experience as an advanced T3 SOC analyst, threat hunter, incident responder, or detection engineer
o In-depth technical knowledge concerning processes, procedures, and methodologies regarding preparedness, resilience, incident response, detection engineering, and threat hunting
o Technical knowledge on detection and alert orchestration across numerous security systems including but not limited to EDR, NDR, Firewalls, DNS, DHCP, IAM, IDaaS, ESG, SWG, SSE, DLP, VPN, CASB, Cloud Environments (e.g. AWS, GCP, Azure), and SaaS applications
o Technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication and authorization, applied cryptography, network architecture, security vulnerabilities, and remediation strategies
o Tactical knowledge of how to apply cyber threat intelligence (CTI) in SOC processes, procedures, and systems to prioritize and speed detection and response
o In-depth technical knowledge of Attack Flow, IoA/TTP-based and IoC-based threat hunting, log sources, SIEM investigations, Windows/Linux operating system event logs, and threat actor tactics, techniques, and procedures
o Experience using Sigma and YARA rules to perform threat hunts across live processes, databases, and systems
o Understanding of SaaS development environments including cloud data centers, CI/CD pipelines, web application development, OWASP, vulnerability scanning (DAST, SAST, RASP), system development life cycle (SDLC), web application monitoring, web application security (e.g. WAFs, log monitoring), web services, service-oriented architectures, remote access technologies (ZTNA, VDI, JIT)
Desired Skills/Experience:
o Experience conducting purple teaming, pentesting, sandbox testing, or development of honeypots/tokens for threat and vulnerability detection
o BS or MS in technical field, including but not limited to Computer Science, Engineering, Cybersecurity, Information Systems
Equal Opportunities Monitoring
It is our policy to ensure that all eligible persons have equal opportunity for employment and advancement on the basis of their ability, qualifications and aptitude. We select those suitable for appointment solely on the basis of merit without regard to an individual's disability, race, color, religion, sex, sexual orientation, gender identity, national origin, age, or status as a protected veteran. Monitoring is carried out to ensure that our equal opportunity policy is effectively implemented.
If you are interested in applying for employment with Anomali and need special assistance or accommodation to apply for a posted position, contact our Recruiting team at [email protected].
About the job
Apply before: Jun 05, 2024
Posted on: Apr 06, 2024
Job type: Full Time