DE Jobs


Job Information

Insight Global Remote Detection Engineer in Bloomfield, Connecticut

Job Description

A healthcare client is looking for a fully remote Detection Engineer to join the SIEM Engineering team. The Detection Engineer will be responsible for developing and implementing threat detection mechanisms using EDR (Endpoint Detection and Response) with tools like Tanium, CrowdStrike and Splunk. This role requires a strong understanding of data management and security practices, and the ability to analyze and interpret complex data sets. They will be working with the Incident Response, Hunt, Intel, and Threat Hunt teams. They will create detections based on processes and malware analysis, build demo detections that go into production weekly, and be able to explain the reasoning behind them. 70% of their time will be spent tuning/creating content based on system processes (expert level), 20% on Splunk detection engineering, and 10% on documentation.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

   

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/

Skills and Requirements

5+ years of experience within Cybersecurity, Software Development, Large Scale Computing or Anomaly Detection

5+ years of experience working in computer security with a focus on network and enterprise defense

3-5 years of experience using Tanium as an endpoint security solution

3-5 years of experience using CrowdStrike for endpoint protection and cloud security

3+ years of experience in crafting detections using static, dynamic, and hybrid detection engines, such as YARA, ClamAV, Suricata/Snort, Sigma, and Zeek

2+ years of experience working with EDR

2+ years of experience with MITRE

2+ years of experience with regular expressions
