When you join Verizon
Verizon is one of the world's leading providers of technology and communications services, transforming the way we connect across the globe.
We're a diverse network of people driven by our shared ambition to shape a better future.
Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role.
Together, we are moving the world forward - and you can too.
Dream it.
Build it.
Do it here.
What you'll be doing...
The Threat Library team is a highly experienced, global team of threat detection engineers supporting multiple products in the Verizon Business Group Security Solutions portfolio.
The team has a combined experience of more than 50 years in large-scale incident analysis and detection engineering across a vast collection of technologies.
The core responsibility of the team is to provide actionable threat detection content on multiple SIEM platforms in order to protect our global customer base.
The team works closely with operational teams such as our SOC Analysts and Client Security Engineers, but also Product Engineering and Development teams in order to continuously improve the service we collectively provide to our customers.
The Threat Library team, through Verizon, is a research partner of the MITRE Engenuity Center for Threat-Informed Defense (CTID) and has contributed to multiple research projects which have been released to the public.
Verizon is hiring a Principal Detection Engineer (Principal-Threat Intel) to join the Threat Library team.
In this position, you will be an expert in the threat detection engineering, security analytics and security intelligence domain. You will research, develop, test, document and implement global threat detection content across one or more SIEM platforms, and perform any tuning required after implementation, prioritized based on emerging threats/TTPs, MITRE ATT&CK coverage, strategic planning or requests from other teams.
Validate and curate existing content periodically.
Support escalations in the context of threat detection.
Technically enable stakeholder teams strategically in the context of threat detection and SIEM expertise through research/detection briefs, internal workshops, process documentation or reporting.
Produce & present clear and actionable reports to the team, stakeholders and management around threat detection efficacy and gaps.
Contribute to the team's Jira backlog.
Contribute to the team's strategic direction with regard to prioritization and planning.
Act as a spokesperson for the team in-region and educate stakeholders on Threat Library.
Collaborate with stakeholder teams and lead joint tracks and recurring meetings.
Challenge the way we work every day, constantly looking to improve processes, tooling and the product we deliver.
Rigorously file bugs and feature requests to safeguard our high quality standards and drive innovation.
Work with platform vendors where required.
Support peers by conducting peer reviews or providing input upon their request.
Mentor/guide junior team members.
What we're looking for...
You'll need to have:
This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager.
Bachelor's degree in a related field or relevant work experience.
Relevant work experience with SIEM platform(s) (Splunk / QRadar / Microsoft Sentinel / Elastic / SumoLogic / ...), Intrusion Detection/Prevention or Endpoint Detection & Response.
Detection Engineering work experience.
Demonstrated experience developing, testing and tuning threat detection content on at least one SIEM platform.
Experience with search query languages such as SPL (Splunk), KQL (Microsoft), KQL/Lucene (Elastic).
Excellent knowledge of the current threat landscape.
Knowledge of modern analytical techniques and concepts for use in threat detection content.
Knowledge of cyber threat intelligence and leveraging it to produce actionable detections.
Deep familiarity with the MITRE ATT&CK framework.
Good understanding of general SIEM engineering and key concepts (parsing, enrichment, normalization).
Demonstrated experience in at least 2 of the following domains relevant to security and telemetry used for detection content: Windows and Active Directory (AD); Endpoint Detection & Response (EDR); Amazon Web Services (AWS); Microsoft Azure/O365; Google Cloud Platform (GCP); Operational Technology (OT) - Industrial Control Systems (ICS), SCADA, PLC; Internet of Things (IoT).
Working knowledge of major protocols in the OSI Model (TCP/IP, DNS, HTTP, SMTP,...) and how they're used (and abused by threat actors) today.
Working knowledge of security architecture.
Willingness to travel.
Even better if you have one or more of the following:
Excellent problem-solving skills.
SANS GIAC (GCIA, GCIH, GREM, GCFA, GPEN, GCPN, GXPN, GMON, GCDA, GCTI, GRID, GDAT) or similar technical security certifications.
The original posting can be found on Kit Empleo: https://www.kitempleo.es/empleo/121515902/principal-detection-engineer-c433-madrid/?utm_source=html