Advanced Defensive Detection Engineer

Remote / Online - Candidates ideally in
Berwyn, Chester County, Pennsylvania, 19312, USA
Listing for: State Street Corporation
Remote/Work from Home position
Listed on 2026-06-01
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Systems Engineer
Location: Berwyn

Who we are looking for

The Advanced Defensive - Detection Engineer is a member of a small team tasked with securing the firm's most critical network environments and applications.

The Advanced Defensive - Detection Engineer is responsible for understanding how a threat actor is likely to attack or exploit State Street's most critical environments and systems, and then for creating, testing, enhancing, and documenting detection capabilities that identify adverse events within these systems. You must be ready to work collaboratively across the team, learning new skills and forging new procedures, relationships, and methods.

Remote work options will be considered for highly skilled candidates.

What you will be responsible for

* Interpret threat models and conduct research to write and diagram discrete, detectable threat tactics, techniques and procedures (TTPs).

* Serve as an expert advisor on detecting TTPs for executives.

* Write Technique Research Reports (TRRs) or similar reports to document attack technique research and modeling, helping cybersecurity practitioners understand, emulate, and detect cyber-attacks.

* Develop and implement new detection rules for applications, and cloud and on-premises systems.

* Triage, prioritize, and take appropriate action to address requests for detection rule corrections and/or enhancements.

* Test and tune threat detection rules within detection tools (e.g., SIEM, EDR) and other tooling.

* Monitor, maintain, and refresh SIEM lookup tables and various other tables.

* Implement automated detection rule metrics to identify performance issues and opportunities to increase efficiency, fidelity or possible retirement.

* Validate and document detection requirements, search criteria, test cases, and other development lifecycle artifacts through use of appropriate documentation libraries and development tracking tools.

* Document and maintain assets, scripts and processes to test SIEM/EDR rules for reuse.

* Partner with other Fusion Center teams to align detection strategy with threat model and MITRE ATT&CK framework.

* Partner with purple team, various security, risk, IT and business professionals to validate and document threat detection goals.

* Provide guidance on alert creation across various security controls such as EDR, IDS, cloud, email gateways, etc.; analyze, influence, and recommend.

* Collaborate with various teams to learn, document, and maintain a library of various IT processes, naming conventions, assets, configurations, and other considerations that can be leveraged to improve security capabilities across the organization.

What we value

The following knowledge and experiences will help you succeed in this role:

* Minimum of 5 years of experience performing detection-engineering-like functions. This might include threat hunting, security operations center management, threat research and development, data science and data mining.

* Experience in advanced threat modeling, detection-as-code pipelines, MITRE ATT&CK mapping, alert triage, basic rule tuning, custom logic, and threat hunting.

* Experience in threat simulation, including adversary simulation, custom tooling, red team collaboration, and scripting emulations.

* Experience with systems and infrastructure, including secure architecture design and cloud-native controls.

* Experience in full-stack scripting and automation frameworks, with advanced scripting and low error rates in Python, PowerShell, SPL, SQL, KQL, and regex.

* Experience in network forensics, encrypted traffic analysis, TCP/IP, DNS, HTTP, IDS/IPS, proxy logs, VPN analysis.

* Experience in analysis, including anomaly detection, advanced statistics (e.g., probability, distributions, estimation, hypothesis testing, regression, correlation, Markov chains, Monte Carlo methods, Laplace, the Rule of Five, Bayes' theorem, machine learning, k-nearest neighbors), and creation of statistical models.

* Experience with data engineering, including parsing, dashboards, API design, and related concepts.

* Awareness of compliance, including aligning detection strategy with global financial regulations, ISO 27001, EU GDPR, PCI-DSS, EU DORA, SOX, NIST CSF, US OCC Part 30 Safety and Soundness Standards, and financial compliance frameworks.

* Experience with payment systems, classified systems, or other critical environments.

* Experience presenting to and advising executives.

This knowledge will help you succeed in this role:

* Knowledge of cybersecurity threat actors, particularly their tactics, techniques, procedures, tradecraft, and noteworthy attacks.

* Knowledge of cybersecurity principles and practices, including defense in depth.

* Knowledge of computer network protocols.

* Knowledge of risk management processes.

* Knowledge of cybersecurity law, regulations, and industry best practices.

* Knowledge of system design tools and techniques.

* Knowledge of server administration principles and practices.

* Knowledge of software engineering principles and practices.

* Knowledge of enterprise…