Threat Detection Engineer

Threat Detection Engineer

Full-Time, Exempt

Location : Scottsdale, AZ; On-site

Lumifi is looking for motivated individuals to fill threat content developer positions.  Candidates should have ample exposure to network security principles, threat detection practices, rule writing, along with first-hand experience working in a security operations center or security engineering environment.   Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a rapidly paced workplace.  The position is located at our Scottsdale, AZ office.

Primary Duties:

• Proactively threat hunt and identify misconfigurations within a SIEM solution.  Additionally, be able to provide strategic recommendations and assist in guiding the customer to resolution.

• Threat research and rule writing for various SIEM platforms. 

• Identify gaps in log collection, signatures, and indicators of compromise (IOC) visibility. Then work with customer success team and engineering to improve detection capabilities.

• Identify advanced malicious activity that has evaded traditional security monitoring capability.

• Assist customers with requests to help integrate the SIEM into their environment and workflows.

• Create and adjust custom or default parsers for client specific tools and integrations.

Required technical skills: 

• General knowledge of SIEM functionality and usage

• Knowledge of endpoint detection and configuration of alerts

• Strong understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall). 

• First-hand security operations center (SOC) experience performing analyst/security engineer duties. 

• Deep understanding of how malicious traffic appears over the network.  Rule and/or query writing experience in at least one SIEM 

• Must have strong threat detection knowledge and intuition. 

• Should understand content testing, implementation, and revision cycle. 

• Must understand how to gather threat intelligence and identify IoCs for use in detection mechanisms at both the host and network level. 

• Candidates should also have exposure to a wide variety of network and host logging formats (EDR/EPP, syslog, CEF, Windows Event Logs, Sysmon, firewall, DNS, Office 365, etc.).

• Prior experience and knowledge with threat intelligence, managing a threat intelligence platform (TIP), and/or managing/monitoring honeypot infrastructure is a plus.    

Recommended certifications: GIAC 400/500-level certifications (or industry equivalent).

Required experience (Minimum) : 2-3 years of direct involvement with security operations, security engineering, threat analysis, incident response, and/or threat detection.  Prior consulting or advisory experience preferred.

Benefits Include:

• Health Insurance 80% paid by employer
• Dental Insurance 80% paid by employer
• Vision Insurance 80% paid by employer
• Self-Managed vacation leave
• Paid sick leave
• Paid holiday leave

Lumifi Cyber welcomes and encourages diversity in our workplace. All qualified applicants will receive consideration for employment without regard to race color, religion, sex, sexual orientation, gender identity, national origin or disability.

All candidates must be eligible to work in the U.S. for any employer. Lumifi participates in E-Verify verification.