
Threat Detection Engineer

Cysiv, a fast-growing pioneer in the field of SOC-as-a-Service, is expanding its team and is looking for a highly capable Threat Detection Engineer to help support its growth. You will help us develop and deploy solutions at cloud scale by integrating multiple data sources into Cysiv’s security operations and analytics platform and by developing automation algorithms that find cyber security threats in real time. Your job will be focused on building advanced and innovative detection mechanisms for attacker tactics, techniques and procedures (TTPs).

Duties and Responsibilities:
  • Develop rule-based detection algorithms in Python
  • Work with the detections engineering team to transform attacker TTPs into viable, low false-positive behavioral and signature detections using Python programming
  • Set up testing environments and conduct data analytics, data cleansing, and testing
  • Continuously evaluate security monitoring content on Cysiv’s next-gen SIEM
  • Identify gaps in existing security capabilities
  • Work with SOC team to automate the detection of new threats
  • Create use-case documents for detected threats
  • Work with the development teams to design and support our security platform and services

Requirements:
  • Minimum 2 years of experience related to threat detection engineering
  • Knowledge and insight into various cyberattack lifecycle models
  • Python programming/scripting experience preferred
  • In-depth knowledge of security logging for Linux, Windows, Mac OS X, or Active Directory
  • Experience with web services and cloud technologies, including Google Cloud Platform (GCP), AWS and Azure
  • Experience with Elasticsearch, Kibana and GCP is preferred
  • Proficiency in building detection algorithms and utilizing logs and events to detect malicious activity with high fidelity from a broad set of detection use cases
  • Proficiency in, and knowledge of, TTPs related to a threat actor or APT group
  • Expertise in tools and techniques for analyzing large data sets
In addition, the ideal candidate will have:
  • Knowledge of IT and security logs, threat intelligence, or machine telemetry
  • Experience with Elasticsearch, ArangoDB, Redis, or similar
  • Strong self-motivation, passion for problem solving with data, and ability to work independently
  • Strong interpersonal skills
  • Demonstrated ability to learn quickly

Location: Pune, India

An equal employment opportunity

Cysiv provides equal employment opportunity for all applicants and employees. Cysiv does not unlawfully discriminate on the basis of race, color, religion, sex, pregnancy and childbirth or related medical conditions, national origin, ancestry, age, physical or mental disability, medical condition, family care leave status, veteran status, marital status, sexual orientation, or gender identity.