SANS Internet Storm Center: GIAC Network Security Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Didier Stevens

Threat Level: green

Lead Detection Engineer
Company	UKG
Location	Alpharetta - Georgia - United States, Atlanta - Georgia - United States, Lowell - Massachusetts - United States, Weston - Florida - United States
Preferred GIAC Certifications	GCFA, GCDA, GWEB
Travel	25%
Salary	Not provided
URL	https://careers.ukg.com/careers/JobDetail/Lead-Detection-Engineer/46117
Contact Name	Mike Christopher
Contact Email	mike.christopher/at/ukg.com
Expires	2024-01-28

Job Description

Description

As a Lead Detection Engineer, you will be part of UKG's Global Security Detection Engineering team. This global team is responsible for detecting and responding to sophisticated cyber threats and attacks. In your role you will leverage a variety of tools and resources to proactively detect, investigate, and respond to emerging and/or persistent threats impacting UKG and/or its customers.

Responsibilities:

You will be providing hands-on solutions, customization and tuning, automation, and use case development for the SIEM, SOAR, and other stakeholder requirements for threat informed defense strategies

You will support leading production level projects to completion as a contributor and a collaborator between multiple stakeholder teams including the Security Operations Center (SOC), Threat Intelligence, Incident Response, and Incident Response

You will be working on a globally distributed team and expected to create and present strategies, technical plans, and architectures to audiences of technical and executive leadership levels when asked.

You will also maintain existing internal code, use cases, and further extend SIEM and SOAR integrations aligned to the Detection Engineering program efforts
Qualifications

Basic Qualifications:

5+ years of security and hands on technical automation experience, with 2-3 of those years focused on creating use cases and detection focused automation

2-3 years of operational experience working directly with or in security operational teams including: SOC, Threat Intelligence , and Incident Response

Deep understanding of SOC, SIEM, and other engineering best practices, limitations, and ways of extending or customizing threat detection automation related use cases

Demonstrate hands-on skills in a major scripting/programming language or a search query language for use in security operations and threat detection

Preferred Qualifications:

Experience with a major public cloud service provider (CSP)

Splunk Cloud ES or Splunk SOAR (Phantom)
#LI-Hybrid