Threat Detection Engineer

THE POSITION: We are seeking a highly motivated and skilled Threat Detection Engineer to join our dynamic security team. In this role you will be responsible for developing, implementing, and maintaining threat detection capabilities to protect our organization from cyber threats. The primary responsibility will be building, deploying, and maintaining the detection rules for our security toolset. Additionally, you will work within the Security Engineering team to administer the security stack at EVERSANA, help streamline processes and respond to security events as needed.ESSENTIAL DUTIES AND RESPONSIBILITIES: Our employees are tasked with delivering excellent business results through the efforts of their teams. These results are achieved by:Develop and Implement: Create threat detection rules, alerts, and dashboards using Splunk, SentinelOne, and other security tools. Should be comfortable creating SIGMA rules in YAML. Analyze Logs: Examine security logs and alerts to identify and investigate potential security incidents. Continuously monitor security logs and network traffic for threats, breaches, and unusual activity. Embed that activity into detection logic and security controls.Collaborate: Work closely within the security team to enhance our overall security posture. Administer applications within the EVERSANA security stack.Stay Informed: Keep up-to-date with the latest threats, vulnerabilities, and security technologies.Maintain Documentation: Contribute to the development and upkeep of security detection database. Will be responsible for maintaining a list of currently deployed detection rules.Automate Processes: Streamline security tasks and processes to boost efficiency and effectiveness.Incident Response: Respond to security incidents, troubleshoot issues, and remediate as required.Demonstrate a commitment to diversity, equity, and inclusion through continuous development, modeling inclusive behaviors, and proactively managing bias.All other duties as assignedConsistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of EVERSANA to provide reasonable accommodation when requested by an employee with a disability, unless such accommodation would cause an undue hardship for EVERSANA. If reasonable accommodation is needed to perform the essential functions of your job position, please contact Human Resources.EXPECTATIONS OF THE JOB:Travel (0%)Hours (40 hours per week, 5 days of the week)The above list reflects the general details necessary to describe the expectations of the position and shall not be construed as the only expectations that may be assigned for the position.An individual in this position must be able to successfully perform the expectations listed above. MINIMUM KNOWLEDGE, SKILLS AND ABILITIES:The requirements listed below are representative of the experience, education, knowledge, skill and/or abilities required.2 year degree or equivalent experience3+ years of hands-on experience in detection engineering, security automation, or a similar role.Experience with detection engineering and security analytics.Experience with EDR, SIEM, and Vulnerability Management technologies.Understanding of network security, operating systems, and cloud security.Understanding of incident response techniques.Analytical, problem-solving and communication skills.Security certifications:(e.g. Security+, Splunk/SIEM related certs)PREFERRED QUALIFICATIONS:Education BS in Cybersecurity FieldExperience working with various security technologies and data sources, including but not limited to:Cloud security platforms (GCP, AWS, Azure)Endpoint Detection and Response (EDR) solutions – SentinelOneSplunkNetwork security devicesIdentity and Access Management (IAM) systemsExperience with Python scripting and SIGMA rule creation (yaml format). Experience with incident response.Understanding of MITRE ATT&CK frameworkExperience with SOAR platforms.Proven ability to work independently.Excellent written and verbal communication skills; able to author clear technical documentation and rulesetsSANS related certifications – GMON, GCDA, etc.PHYSICAL/MENTAL DEMANDS AND WORKING ENVIRONMENT:The physical and mental requirements along with the work environment characteristics described here are representative of those an individual encounters while performing the essential functions of this position.Office: While performing the essential functions of this job the employee is frequently required to reach, grasp, stand and/or sit for long periods of time (up to 90% of the shift), walk, talk and hear; occasionally required to lift and/or move up to 25 pounds. The noise level in the work environment is usually moderately quiet, with frequent interruptions and multiple demands.OUR CULTURAL BELIEFS:Patient Minded I act with the patient’s best interest in mind.Client Delight I own every client experience and its impact on results.Take Action I am empowered and empower others to