
Splunk Threat Detection Engineer

Proficio

Salary: 110k-110k USD

United States only

DESCRIPTION
Proficio is an award-winning managed detection and response (MDR) services provider. We provide 24/7 security monitoring, investigation, alerting and response services to organizations in healthcare, financial services, manufacturing, retail and other industries. Proficio has been highlighted in Gartner’s Market Guide for Managed Detection and Response Services for the last three consecutive years. We have a track record of innovation. Proficio invented the concept of SOC-as-a-Service. We were the first MSSP to provide automated response services and the first in our space to provide a risk scoring dashboard.

Our typical client is a medium to large-sized organization that lacks the in-house resources to address the challenges of a rapidly changing threat landscape. The difficulty of hiring and retaining cybersecurity professionals is widely understood, but our prospective clients also struggle to effectively harness technology and build hardened processes.

While Proficio has developed a unified service delivery platform designed to meet the needs of the most demanding clients, what sets us apart is the quality and passion of our people. We believe the SOC of the Future will meld the creativity of human intelligence with the power of advanced technologies like AI.

Summary

The Threat Detection Engineer is specifically focused on the development and creation of new alerting features for a dedicated client in the San Diego area. This role is responsible for building out new alerts, adapting current alerts, and ensuring our customers' threat detection capabilities are a match for their threat landscape. In addition to supporting our customer's reporting and dashboard needs, this role handles bug fixes, handles special projects, and interfaces with our client to pilot new rules or log source alerting.

Responsibilities

  • Work to identify security alerting gaps and provide resolutions to improve detection services.
  • Develop and create new use cases and modify alerts as required by the current threat landscape. This work includes whitelisting, tuning, and filtering of use cases; investigation of misfiring alerts; and troubleshooting of log source ingestion required for each use case.
  • Create and/or modify reports and dashboards as required for analysis, investigation, and expansion of the Splunk SIEM environment
  • Ensure security, availability, and confidentiality of all sensitive data collected, processed, or stored by this role.

Requirements

  • Experience in cybersecurity including data ingestion and knowledge of SIGMA and MITRE framework
  • 4+ years of experience with the Splunk SIEM with at least 3 years front-end focused
  • Good understanding of the current threat landscape including knowledge of different threat actor profiles and attack methods.
  • Demonstrated knowledge of general networking principles including full knowledge of TCP/IP communication, the OSI model, common network ports, and basic network defense
  • Good Unix or Linux system administration and command line experience
  • Solid understanding of the threats reported by various data sources such as IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
  • Experience working with log sources (and consoles) from major brands such as Cisco and Palo Alto is a plus
  • Experience with Regular Expressions preferred
  • Scripting skills in Python, Bash, or PowerShell
  • Splunk certification required, SANS certifications highly desired, and OSCP is a big plus!
  • Excellent communication and presentation skills, applied collaboratively within a team setting
  • Quick learner and intuitive thinker
  • Effective documentation and time task management skills
  • Excellent problem-solving skills, with the ability to identify and apply appropriate technical resolutions.

Benefits

  • $110K base salary or higher, depending on experience level
  • Health, Dental and Vision plans available first of the month and other benefits available from day 1
  • 401K plan
  • Gym reimbursement
  • Employee Assistance Program
  • Life and Voluntary Life Insurance programs

Proficio is an EOE employer.

Proficio collects certain personal information upon your submission of an application for an open position. More information is available about your consumer rights and our privacy policy at www.proficio.com/privacypolicy


About the job

Apply before: Jun 25, 2024

Posted on: Apr 26, 2024

Job type: Full Time

Experience level: Senior

Location requirements / hiring timezones: United States +/- 0 hours