- Salary: $100000 - $125000
- Citizenship: Not Provided
- Incentives: Bonus
- Education: High School Diploma
- Travel: No Travel
- Telework: Full Telecommute
Role Value Proposition:
The Detection Engineer will be part of MetLife’s Threat Research Team, building and expanding detection capabilities across a suite of security tools. The role centers on researching threat actor tactics, techniques, and procedures (TTPs), developing detections for them, and identifying ways to improve visibility using the existing security tools and products.
• Develop and deploy detections, automations, and alerting infrastructure to identify security events and incidents
• Find, gather, and normalize internal and external data to enhance our Security Information and Event Management System (SIEM)
• Aid research and engineering initiatives to automate and orchestrate security operations for efficiencies and diligence in support of Threat Research functions and operations
• Analyze activity associated with both successful and unsuccessful intrusions by advanced attackers
• Work with key stakeholders to incorporate high quality security and alerting into their operational workflows
• Build and maintain detection and response metrics and dashboards
• Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization
Essential Business Experience and Technical Skills:
• Strong understanding of Windows operating systems and command line tools, network protocols, TCP/IP fundamentals, and security infrastructure.
• Knowledge of networking protocols: TCP/IP, HTTP/HTTPS, FTP, IRC, etc.
• Scripting and development experience for analysis and automating repeatable processes.
• Experience with commercial and open source Threat Intelligence Platforms (TIPs)
• Strong communication skills, both written and verbal
• Ability to collaborate with different teams
• Strong experience analyzing raw log files (e.g. firewall, IDS, PCAP, system logs) and performing data correlation.
• Experience with disassemblers/debuggers
• Experience working in a Security Operations Center or on an Incident Response Team
• BA/BS and/or related certifications (GREM or similar)