
Detection Engineer

Job in Sunnyvale, Santa Clara County, California, 94087, USA
Full Time position
Listed on 2026-05-30
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Network Security, Systems Engineer
Salary/Wage Range or Industry Benchmark: 116,000 - 174,000 USD yearly
Job Description & How to Apply Below

23andMe is looking for an experienced detection engineer to join our Security Operations Team. You will bring critical thinking skills, hands-on experience with Enterprise Security design and the ability to work with and influence cross-functional teams (Engineering, IT, Net Ops and Architecture).

You’ll be leveraging your experience and expertise with enterprise security tools and industry best practices to secure our customer data and corporate assets.

What You’ll Do
  • Work within the Security Operations Team to identify threats within the environment through traditional threat hunting techniques
  • Work collaboratively to speed up response time and to determine the state of the potential threat / alert
  • Assist the security organization to identify automation opportunities and work to implement those integrations and automation improvements within the security tooling
  • Participate in an on-call rotation with additional bonus opportunities
  • Leverage multiple security techniques and tools daily, including but not limited to use of tools for: intrusion detection, endpoint detection and response, and SIEM
  • Actively threat hunt within security tools and determine steps to triage and filter the true events from background noise
  • Create and use threat hunting playbooks
  • Create and use security operations runbooks to respond to alerts
  • Design and implement new security playbooks and automation
  • Define, design, and build threat detection methodologies; help to improve the security posture of the company
  • Lead by example and share your creativity, wit and experience across the team, working on a variety of tasks ranging from threat detection within multiple enterprise security tools, assessing threats and providing targeted responses and monitoring the corporate environment for potential risks
  • Integrate, configure and maintain SIEM tools
  • Train and mentor security engineers and analysts to utilize SIEM technology
  • Manage and improve our incident response workflow, implement mitigation plans in cooperation with Engineering, Sec Ops, App Sec, and IT teams
  • Help teams to leverage the existing and emerging logging and monitoring solutions, extract security events from the logs with filter/correlation tools, evaluate misconfiguration and intrusion detection signals, automate as much as possible
  • Improve our vulnerability management program: setup and integrate security scans, triage and mitigate vulnerabilities, communicate required actions to relevant teams
  • Implement, monitor and support Product, corporate IT and infrastructure security solutions, including: configure, manage and optimize logging, monitoring, correlation and alerting tools, and the orchestration through a security information and event management (SIEM) solution
  • Data Loss Prevention (DLP) solution focusing on PII and Intellectual Property related data
  • Detect and respond: deploy Threat Intelligence products and develop threat reports
  • Assist with the design, development, delivery, documentation, training, and reporting on security control mechanisms (e.g. WAF, endpoint‑protection/AV/EDR, etc.)
  • Evaluate security technologies; work closely with vendors to ensure timely delivery of products, services, and feature requests
  • Risk and evidence‑based approach: identify, assess, and prioritize security risks to Product, Infrastructure, Enterprise data and systems, including external threats, internal threats, and exposure to third‑party vulnerabilities
  • Other duties as assigned
What You’ll Bring
  • Passion for security
  • Familiarity with how attacks are conducted against network infrastructure, web applications and employees
  • Hands‑on experience with SIEM, EDR, osquery/FleetDM, and other security tools, with the ability to triage alerts effectively to identify potential threats
  • Some knowledge and capability with one or more scripting and programming languages (e.g., bash, Go, Python, etc.)
  • Working knowledge of operating systems (e.g., MacOS, Windows, Linux)
  • Hands‑on experience with information security tools in Google Workspace, Cloudflare, Okta, and AWS
  • Strong understanding of security concepts such as incident response, cloud security monitoring, network security monitoring, host based analysis,…