Security Detection Engineer
Our Client - Insurance company
- Remote
Job description
Our customer is a large United States insurance company, backed by more than 100 years of experience, that provides insurance products and services for businesses and professionals in the United States, Canada and Europe. Headquartered in Chicago, IL, they have more than 20 US locations.
We are seeking a Detection Engineer on a contract basis to support our Customer's business needs. This role is 100% remote, but candidates who can work in a hybrid setup in Chicago, IL are preferred.
As a Detection Engineer, your primary focus will be on implementing, configuring, and maintaining security detection rules and mechanisms across the on-premises and Google Cloud environments. Your expertise will contribute to the mission of safeguarding the company's assets and securing its cloud infrastructure. This role requires in-depth knowledge of detection engineering, incident response, investigations, and emerging threat trends.
Responsibilities:
- MITRE ATT&CK Framework: Utilize the MITRE ATT&CK Framework for threat detection creation, gap assessment and analysis.
- Security Detection Implementation: Implement, configure, and maintain security detection rules and mechanisms, including intrusion detection, anomaly detection, and log analysis tools, to identify and respond to security incidents.
- Security Operations: Play a critical role in the day-to-day security operations, including monitoring, tuning, analysis, and proactive threat hunting.
- Incident Response: Lead incident response efforts, investigate security incidents, conduct root cause analysis, and implement corrective measures.
- Kubernetes Incident Response: Apply expertise in Kubernetes for incident response and forensic analysis.
- Security Automation: Develop and maintain automation scripts and tools to streamline security detection operations and response.
- SOAR Playbooks: Build, design, run, and troubleshoot playbooks within a SOAR (Security Orchestration, Automation, and Response) solution to automate incident response processes.
- Documentation: Maintain comprehensive documentation of security detection configurations, incident response procedures, and investigations.
- Stay Current: Stay up-to-date with the latest security threats, vulnerabilities, and industry trends to proactively enhance security detection measures.
Must-haves:
- Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
- Google Cloud Professional Cloud Security Engineer certification or equivalent experience.
- Experience with cloud security detection tools and technologies, including intrusion detection, anomaly detection, and log analysis.
- Proficiency in scripting and automation (e.g., Python, Bash).
- Experience in incident response, investigations, and security operations.
- Proficiency in Kubernetes with a focus on incident response and forensic analysis.
- Familiarity with the MITRE ATT&CK Framework for threat detection and mitigation.
- Experience working with Splunk Enterprise Security or similar SIEM solutions.
- Experience with detection posture management tools such as SnapAttack or CardinalOps is preferred.
- Experience with Anthos, Docker, and similar container platforms.
- Excellent problem-solving and analytical skills.
- Strong communication and teamwork skills.
- Relevant certifications such as CISSP, GCIH, GCIA, Certified Kubernetes Administrator (CKA), or Splunk certifications are a plus.
Perks are available through our third-party Employer of Record (available upon completion of the waiting period for eligible engagements).
Health Benefits: Medical, Dental, Vision, Life (including spouse & child), 401k, STD/LTD, AD&D, and Commuter Benefits program.
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
All applicants applying for U.S. job openings must be legally authorized to work in the United States and are required to have U.S. residency at the time of application.
If you are a person with a disability needing assistance with the application, or at any point in the hiring process, please contact us at support@themomproject.com.