Detection Engineer (3rd Shift)

Who We Are Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber threats. We’re a cyber security company who protects, supports and empowers organizations to make better security decisions so they can focus on their mission without fear of cyber threats.

The combination of our market-defining technology and expertise prevents breaches every day and sets a new standard for partnership in the industry. We’re united in our commitment to customers and grounded in our values, which earned us a place on the Forbes Best Start-up Employers 2022 list.  If our mission resonates with you, let’s talk.

What We Believe In

• Do what’s right for the customer
• Be kind and authentic
• Deliver great quality
• Be relentless

Challenges You Will Solve The Cyber Incident Response Team (CIRT) continues to push the boundaries of threat detection and response with a unique combination of operations, threat research, and engineering in tight integration with the development team that designs our analysis platform and the Red Canary Threat Detection Engine.

The security landscape is always shifting and introducing new adversaries. The Red Canary CIRT operates 24/7 to track down threats using the entirety of our customer’s data and deliver fast and practical detections to our customers.

This is not a role where you are encouraged to passively accept the current state. At Red Canary, you are empowered to actively look for opportunities to automate repetitive and tedious tasks. We let the automation framework handle the mundane tasks, so that you can remain focused on solving complex and critical problems for our customers.

What You'll Do

• Use Red Canary’s detection platform to analyze EDR telemetry, alerts, and log sources across several detection domains (Endpoint, Identity, SIEM, Cloud/SaaS, etc.)
• Publish threats for customers using concisely-written communication while effectively conveying key and important indicators
• Detector Development: Research coverage opportunities then create new detectors, and tune existing ones.
• Improve the CIRT workflow through orchestration & automation
• Provide mentorship to your peers and communicate effectively with others for efficient cross-team collaboration

What You'll Bring

• Analysis experience and proficiency in one or more of the following functional areas: Endpoint (MDR), Cloud/SaaS, Identity, Email, SIEM
• Proven experience with automation and orchestration to effectively handle an extreme volume of telemetry and logs in a timely and efficient manner
• Strong written communication skills, and abilities to work in a team-centric environment
• Strong analytical thought-process and critical thinking skills to translate disparate activity into the realm of threat analysis
• Open-source intelligence research skills used in a fast-paced operational environment, and the ability to apply those findings within the analytical workflow to identify threats
• Experience leveraging Mitre ATT&CK framework, and  familiarity with other alternative attack frameworks and threat models
• Familiarity with backend data structures used for security analysis (JSON, YAML, etc.)
• Experience using query languages and understanding syntax across EDR or other security platforms (SQL, K, Lucene, etc.)
• Experience creating and tuning  detectors/rules using commonly known tools such as YARA, SIGMA, Snort, Splunk, Elastic, etc.

Bonus Points

• You enjoy impacting the Infosec community through writing blogs, participating in webinars, and presenting at conference talks
• Experience using version control software for the deployment of detectors, rules, or other automations (GitHub, CircleCi, etc)
• Previous Red Team experience