STS Cyber Defense Security Engineer, Mandiant, Google Cloud na Google
Google · Addison, Estados Unidos Da América · Hybrid
- Professional
- Escritório em Addison
In-office locations: Addison, TX, USA.
Remote location(s): Texas, USA.
Minimum qualifications:
- Bachelor's degree in Computer Science, Information Systems, Cyber-security, related technical field, or equivalent practical experience.
- 3 years of experience in a Detection Engineering or related role.
- Experience with detection tuning and creation leveraging various security tools (e.g., SIEM, EDR, or NDR tools).
Preferred qualifications:
- One or more of the following certifications or similar: CompTIA Security+, CompTIA Network+; CISCO (CCNA); ISC2 (CISSP); SANS (GSEC, GCIH, GCED, GCFA, GCIA, GNFA, GPEN).
- Experience administering or implementing any other security platform (WAF, MFA, Privilege Access Management, TVM scanner, SIEM).
- Knowledge of scripting languages (e.g., PowerShell and Python).
- Understanding of cyber defense operations to include the incident response, containment, and remediation process, cyber threat intelligence, or security architecture.
- Understanding of logging for common platforms and devices, including operating systems, Linux, and network equipment.
- Excellent written and verbal communication skills.
About the job
The Security Engineer Endpoint Detection and Response (EDR) is responsible for enabling the technology and tools required to accomplish daily tasks within a Cyber Defense Center (CDC).
Responsibilities
- Identify challenges in customer Cyber Defense Centers and formulate strategies for improvement, plan implementation of improvements, and execute/oversee plans to completion.
- Create and modify EDR and SIEM use cases and detection logic, leveraging cyber threat intelligence, written in technology-specific query language or Sigma open signature format.
- Provide expertise for EDR, SIEM and other SOC technologies that assist in incident response. Advise on technologies relied upon by the client CDC, CSIRT, and SOC.
- Measure and improve alert fidelity through metrics creation, tracking, responding to tuning requests, implementing incident-specific detection logic, etc.
- Engage and collaborate with client stakeholders and other groups within the customer environment to drive resolution for security issues.