
Threat Detection Architect (US Remote)

Anomali
United States only
Company Description: Anomali, a world-renowned platform leader in Security Operations, supercharges SecOps by fusing Lightspeed Security Analytics, Industry-Leading Cyberthreat Intelligence (CTI), AI-based automated threat hunting, alert orchestration, automated threat detection and incident response (TDIR) blocking, community intelligence sharing, exposure management, and dark web protection. Transforming CISOs into superheroes and analysts into SOC terminators. Anomali's Platform offers: “Match” Next-Gen SIEM, “Lens” AI Threat Hunter, “ThreatStream” TIP, Anomali Integrator, Anomali ISAC, Anomali Attack Surface Management, and Anomali Digital Risk Protection, infused with Anomali AI. Anomali bridges the gap between point solutions (EDR, NDR, SSE, RMM, CAASM, etc.) and replaces legacy SIEMs at 50% the cost, giving analysts easy-to-use tools that enable lightspeed detection & response. Anomali addresses the global shortage in cyber talent by empowering analysts to contain, eradicate, and block threats in seconds without complex SIEM queries, manual blocks, or long investigations. Anomali delivers as a proprietary platform and disruptor to the security analytics world. Anomali can search billions of logs in seconds, correlating tens of millions of IoCs and IoAs across years of telemetry and logs often deleted or moved to cold storage. At every point across the cyber kill chain, Anomali supercharges the SOC to detect, contain, and eradicate threats before organizational impact.
Job Description: Anomali is looking for a skilled threat hunter, analyst, and detection engineer/architect to join our SOC. Previous experience as a T3 SOC analyst, threat hunter, and advanced SIEM detection engineer is preferred. This individual will be responsible for proactively detecting, isolating, and mitigating threats, while building new threat hunts and detections around system- and business-process-specific adversary threat models. This individual will work closely with our Advanced Threat Research (ATR) team, Cyber Fusion Content Development team, and Security Operations Team to leverage Anomali’s core capabilities along with other industry-leading cybersecurity products to build and implement novel threat detection and hunting capabilities. You will also leverage Anomali’s AI Copilot and provide direct input into Anomali Language Learning Models (LLMs) for building content related to threat hunting, incident response, adversary threat models, and detection methodology.

Key Responsibilities:
o Proactively build SOC detections to investigate, detect, isolate, and mitigate endpoint-, identity-, network-, cloud-, email-, and data-based threats across enterprise systems and data stores
o Develop a periodic, triggered, and continuous threat hunting strategy
o Use a threat-model-based approach to develop detections and threat hunts
o Develop templated and repeatable processes for automated and manual security incident triage, response, and mitigation using Anomali’s market-leading Security Operations Platform
o Build Anomali Query Language (AQL) SIEM detections using a combination of currently existing detections (e.g. Sigma rules), newly developed detections, and UEBA analytics algorithms to streamline detection and response
o Properly orchestrate and configure existing tools and enterprise systems to generate detections for malicious behavior, insider threat, and LOL processes and procedures
o Map detections and threat hunts to MITRE ATT&CK methodology as needed
o Utilize Attack Flow and IOAs to build incident detection blueprints and response playbooks
o Build data dashboards to provide insights, analytics, and a holistic understanding of SOC operations, including the reduction in mean time to respond (MTTR)
o Build a security tools and data exploitation and optimization model and methodology that measures return on security investment and SOC operations effectiveness
o Serve as an expert advisor on SOC analyst incident response, detection engineering, and threat hunting to internal product teams, content-development teams, and customers
o Provide direct input into AI language learning models and capabilities
o Manage and mentor SOC analysts and threat hunters in the creation of automations, triage of detections, and execution of computer incident response processes
Qualifications

Required Skills/Experience:
o Minimum 5+ years of work experience as an advanced T3 SOC analyst, threat hunter, incident responder, or detection engineer
o In-depth technical knowledge concerning processes, procedures, and methodologies regarding preparedness, resilience, incident response, detection engineering, and threat hunting
o Technical knowledge on detection and alert orchestration across numerous security systems including but not limited to EDR, NDR, Firewalls, DNS, DHCP, IAM, IDaaS, ESG, SWG, SSE, DLP, VPN, CASB, Cloud Environments (e.g. AWS, GCP, Azure), and SaaS applications
o Technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication and authorization, applied cryptography, network architecture, security vulnerabilities, and remediation strategies
o Tactical knowledge of how to apply cyber threat intelligence (CTI) in SOC processes, procedures, and systems to prioritize and speed detection and response
o In-depth technical knowledge of Attack Flow, IoA/TTP-based and IoC-based threat hunting, log sources, SIEM investigations, Windows/Linux operating system event logs, and threat actor tactics, techniques, and procedures
o Experience using Sigma and YARA rules to perform threat hunts across live processes, databases, and systems
o Understanding of SaaS development environments including cloud data centers, CI/CD pipelines, web application development, OWASP, vulnerability scanning (DAST, SAST, RASP), system development life cycle (SDLC), web application monitoring, web application security (e.g. WAFs, log monitoring), web services, service-oriented architectures, remote access technologies (ZTNA, VDI, JIT)
Desired Skills/Experience:
o Experience conducting purple teaming, pentesting, sandbox testing, or development of honeypots/tokens for threat and vulnerability detection
o BS or MS in a technical field, including but not limited to Computer Science, Engineering, Cybersecurity, Information Systems

Equal Opportunities Monitoring
It is our policy to ensure that all eligible persons have equal opportunity for employment and advancement on the basis of their ability, qualifications and aptitude. We select those suitable for appointment solely on the basis of merit without regard to an individual's disability, race, color, religion, sex, sexual orientation, gender identity, national origin, age, or status as a protected veteran. Monitoring is carried out to ensure that our equal opportunity policy is effectively implemented.
If you are interested in applying for employment with Anomali and need special assistance or accommodation to apply for a posted position, contact our Recruiting team at [email protected].


About the job

Apply before: Jun 05, 2024
Posted on: Apr 06, 2024
Job type: Full Time
Experience level: Senior
Location requirements / Hiring timezones: United States +/- 0 hours