Kessel Run is looking for a highly motivated engineer specializing in security monitoring, detection and incident response to defend Kessel Run’s information, infrastructure and products.
At Kessel Run, we run one of the most interesting defense platforms in the world. We regularly see visits from parties we aren’t expecting and didn’t invite to visit, and who are not aligned with our goal of maintaining a stable, resilient, predictable, performant platform for Air Force operations.
The Detection Team is responsible for detecting and responding to threats against our development, staging, and production environments. As a Detection Engineer, you will defend Kessel Run by helping to build and run a comprehensive threat detection program. You will improve logging coverage, build and tune log aggregation, analysis, and alerting systems, and detect threats at scale.
• Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.
• Define, implement, and tune detective capabilities and data sources to detect and remediate malicious activity.
• Work with engineering and operations teams to implement threat detection signals, deploy new tooling, and improve response capabilities.
• Analyze security data and report on threats and incidents across various platforms and environments.
• Use automation to improve identification and response time and reduce impact when an incident occurs.
• BS/MS in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience plus evidence of exceptional ability.
• Excellent understanding and experience in multiple security domains such as intrusion detection, incident response, malware analysis, application security, and forensics.
• Experience detecting abuse and large-scale attacks in a diverse environment.
• Experience in Pivotal Cloud Foundry as a PaaS; cloud environments (AWS preferred); and Linux containers and orchestration systems (Kubernetes preferred).
• DevOps or security automation experience is preferred.
• Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and authorization officials throughout the incident lifecycle.
• Familiarity with the following detection-related disciplines, with deep experience in one or more:
  • Large-scale analysis of log data using tools such as Splunk or ELK.
  • Security automation using tools such as Phantom or Demisto.
  • File system, memory, or live response on Windows, macOS, and/or Linux.
  • Analysis of network traffic from intrusion detection systems and flow monitoring systems.
  • Host-level detection with tools such as auditd, osquery, or Sysmon.