Detection Engineer
Python
Barcelona
Permanent
Is it your dream to be part of a software security company?
Our client is engineering a disruptive security product that delivers continuous validation of your enterprise security program so you can find the gaps, strengthen your security posture and exercise your incident response capabilities.
They work with top companies around the world, whose products or services you surely use on a daily basis. They answer those companies' needs by helping them validate their security-related assumptions.
Your mission
- Serve as a subject matter expert for challenges other teams face regarding security controls.
- Work with the multiple engineering teams to optimize security control experience inside the platform.
- Deploy and maintain security controls having the engineering teams as your main clients.
- Keep track of how new versions of the security controls affect existing company capabilities.
- Meet with security control vendors and customers to understand their needs and requests.
Perks, my friend!
- Stock options
- 2 remote days a week
- The official schedule is from 9 to 5
- Flexible schedule
- Private insurance
- Free parking
- Quarterly team-building activities
- Weekly breakfasts
- Weekly lunches
- Fruit in the office
- Food & drinks in the office
- Chill areas (videogames/ping pong)
- Trainings (employee-driven or external)
If this is you, holy cow!
- 8+ years of experience working in cyber security operations (CSOC, SOC, CIRT, CSIRT) in enterprise environments
- Proficient English communication skills.
- Strong knowledge of at least 2 SIEMs (writing log parsers, normalizing logs, etc.) handling more than 25K EPS.
- Strong knowledge of managing the SIEM pipeline: log consumption -> event normalization -> security alert.
- Experience managing alert fatigue issues
- Strong knowledge of at least 2 EDR technologies. Ideally CrowdStrike Falcon & (Microsoft ATP or SentinelOne).
- Strong knowledge of at least 2 network security technologies. Ideally Palo Alto Panorama & custom rule-based controls such as Snort/Suricata.
- Experience developing in Python
- Experience with IaC (Terraform, Ansible)
- Knowledge of creating custom endpoint threat detection rules using technologies such as YARA, osquery, Carbon Black, etc.
- Knowledge of the Windows OS and how to troubleshoot software running on it (Windows Event Log, Registry, Procmon, Process Explorer, etc.).
If this is also you, JACKPOT!
- Experience doing threat hunting / incident response
- Experience with MITRE ATT&CK Framework
- Knowledge of the cyber kill chain as well as defense-in-depth concepts
- Experience in blue/purple teaming
- Experience with SOAR technologies
- Experience with cloud security controls (GuardDuty, CloudTrail, etc.)
Let's have a chat and GetWith us!