Threat Detection Engineer

Legato Security is an information security firm founded upon the belief that every organization has the right to keep its data private and secure. Our mission is to build close partnerships with our clients, serving them not as just a vendor, but as trusted advisors helping to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization.

We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from any accidents. As technology progresses, so do our tactics, ensuring our experts are always prepared to serve forward-looking leaders eager to stay ahead of emerging threats.

Legato Security is seeking a motivated junior or mid-level Detection Engineer to assist with detection engineering efforts. As a Detection Engineer, you will assist with rule creation, rule tuning, creating documentation, assisting with on-going infrastructure projects, and assisting with customer requests.

• Create, improve, review, and tune detection rules in various SIEMs (e.g., Sumo Logic, Google Sec Ops, Stellar Cyber). This will include log reviews of customer environments to make informed decisions.
• Assist in creating and maintaining documentation for detection procedures, workflows, and active projects.
• Collaborate with SOC analysts to improve detection accuracy and reduce false positives
• Help maintain and update detection use cases based on emerging threats and customer-specific logs.
• Assist in creating regular reports on detection metrics and effectiveness.
• Review and respond to internal and customer requests to assist with anything related to detection engineering.
• Contribute to declarative and imperative programming projects to assist with detection as code.

• Bachelor's degree in Computer Science, Cybersecurity, related field or equivalent industry experience
• 3-5 years of experience in detection engineering or a related field (e.g., SOC Analyst, Pen Testing, IT Infrastructure, Network Engineering, or Software Development). Job-specific experience in detection engineering is not required
• Familiarity with networking principals (e.g. routing, common protocols, firewall functionality, etc.)
• Basic understanding of Windows operating systems (e.g. versions, common exploits, understanding of registries, exposed protocols, common enumeration commands, etc.)
• Active Directory Fundamentals (e.g. basic understanding of NTLM and Kerberos, how to use LDAP, understanding of common attacks within Active Directory.)
• Understanding of Detection as Code and common exploits
• Strong interest in pursuing a career in detection engineering
• Ability to quickly learn different tool sets and environments
• Strong written and verbal communication skills
• Ability to prioritize multiple competing projects, meet deadlines, and work effectively in a team environment

• Applicants who demonstrate personal learning and curiosity through personal projects will be prioritized. e.g. home labs, personal Github projects, write-ups, blog posts, Hack the Box profile, Try Hack Me  profile.
• Relevant certifications such as OSCP (Offsec), OSDA (Offsec), CPTS (HTB), CDSA (HTB), etc.

· Start-up company in a growth phase with opportunity for advancement based on performance

· Start-up culture with an office in downtown Salt Lake City, UT

· Competitive medical and dental benefits for employee and family members

· Other voluntary benefits such as short-term disability, life insurance, children’s orthodontia, with additional voluntary benefits available

· Professional Development opportunities specific to role