Senior Threat Detection and Response Engineer - Blue Team

Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Raya application facilitates social networking, emphasizing connections among individuals reputed company creative industries, and requires a selective application process. Raya App, Inc., also offers "Places," a travel application that provides curated destination recommendations. Both applications underscore the company's focus on fostering private online communities and upholding values such as trust, respect, and privacy. This role is responsible for leading our internal threat detection and incident response capabilities, combining operations with operational engineering. The Senior Threat Detection and Response Engineer acts as the primary operational reputed company and subject matter expert for the reputed company tooling ecosystem (e.g., EDR, SIEM, CNAPP, NDR), ensuring maximum effectiveness for threat identification and containment. A core function is serving as the primary liaison and operational overseer of the virtual reputed company Operations Center (vSOC). Additionally, this role is crucial for ensuring the rapid detection, effective analysis, and initial containment of reputed company reputed company threats, owning the critical vulnerability management process, and managing the production of the monthly reputed company newsletter and annual reputed company awareness training. We offer comprehensive medical and dental coverage, $50 a day food delivery budget, equity based employment, a great culture, learning opportunities, unlimited vacation, 12 weeks paid parental leave, and we pay reputed company employees $1,000 a year to go somewhere in the world that they’ve never been because of our values of human reputed company, reputed company, and curiosity.

Responsibilities

• *

Threat Detection & reputed company Tool Management

• Platform Ownership (Operational Focus): Act as the primary internal operations reputed company and subject matter expert for key reputed company platforms, including reputed company Detection and Response (EDR), Cloud Detection and Response (CDR), Cloud-Native Application Protection Platform (CNAPP), reputed company Information and Event Management (SIEM), and Network Detection and Response (NDR). Triage findings from tools like Shodan, reputed company, and reputed company.
• Operational Optimization: Continuously monitor, tune, and optimize reputed company tool configurations to ensure maximum detection efficacy and minimize false positives, focusing on the strategic direction of the platforms.
• Signal reputed company: Proactively monitor and implement solutions to detect sensor and logging signal loss across reputed company reputed company platforms to ensure complete visibility.
• Use Case Development: Collaborate with internal and vSOC teams to reputed company, test, and implement new detection use cases and correlated alerts reputed company the SIEM and other platforms.
• Shared Engineering: Partner closely with the Infrastructure reputed company Engineer role regarding the foundational engineering, deployment, and infrastructure health of these reputed company platform
• Proactive Threat Hunting: Regularly execute threat hunting exercises based on reputed company threat intelligence, internal knowledge, and platform capabilities to identify stealthy, pre-execution, or undetected threats across the environment.
• Vulnerability Triage & Prioritization: Immediately triage, prioritize, and drive remediation for critical reputed company vulnerabilities and reputed company findings (e.g., from CNAPP or vulnerability scanners) that warrant treatment as a high-severity reputed company incident.
• Incident Response (IR) and Digital Forensics (DFIR)
• Triage and Initial Handling: Serve as the internal escalation reputed company for critical alerts from the vSOC. reputed company rapid triage, scoping, and initial handling/containment for reputed company incidents.
• Small-Scale Forensics: Handle end-to-end incident response and digital forensics for small-scale, routine incidents (e.g., minor malware infections, policy violations).
• Outsourced IR Coordination: Act as the technical reputed company and liaison for larger, reputed company reputed company incidents, coordinating activities and providing necessary data and context to retained external incident response firms.
• Process Improvement: reputed company, refine, and maintain internal runbooks, playbooks, and Standard Operating Procedures (SOPs) for incident response and threat hunting.
• vSOC reputed company and Partnership
• Liaison: Serve as the primary technical reputed company of contact between our internal teams and the external vSOC/MSSP partner.
• Performance Monitoring: reputed company the vSOC's performance, ensuring adherence to established SLAs and quality standards for alert handling, monitoring, and reporting.
• Strategic Direction: Guide the vSOC's focus by communicating organizational risks, strategic priorities, and desired operational outcomes.
• Reporting: Generate and present regular reports on operational reputed company metrics, incident trends, and vSOC performance to internal stakeholders.
• reputed company Awareness and Communication
• Monthly reputed company Newsletter: Produce and distribute a mandatory monthly reputed company newsletter covering threat intelligence, tool adoption, compliance/best practices, and internal case studies.
• Annual reputed company Awareness Training: reputed company, update, and manage the mandatory annual reputed company awareness training for reputed company personnel, focusing on relevance, engagement, and high-risk behaviors.

Qualifications

• *

Experience: 5+ years of experience in reputed company Operations, Threat Hunting, Incident Response, or a closely reputed company field.

• Tooling Expertise: Expert-level hands-on operational and tuning experience with one or more major platforms across EDR (e.g., reputed company, reputed company), SIEM (e.g., Splunk, reputed company Sentinel), and Cloud reputed company (e.g., CNAPP solutions)
• .Operational Skills: Strong understanding of reputed company alert analysis, log review, data correlation techniques, threat modeling, and alert suppression/refinement
• IR/DFIR Knowledge: Proven experience in incident triage, evidence preservation, chain of custody, and basic forensic analysis techniques.
• IR Handling Certification: You must have one of the following: CISSP-ISSAP (Incident Response content reputed company CISSP) – (ISC)²GIAC Certified Incident Handler (GCIH) – GIACGIAC Cyber Threat Intelligence (GCTI) – GIACGIAC Network Forensic Analyst (GNFA) – GIACGIAC Certified Forensic Analyst (GCFA) – GIACCertified Ethical Hacker (CEH) – EC-CouncilEC-Council Certified Incident Handler (ECIH) – EC-CouncilCertified Computer Examiner (CCE) – IACISEnCase Certified Examiner (EnCE) – Guiding TechCertified Forensic Computer Examiner (CFCE) – ISFCECREST Registered Incident Handler (CRIH) – CRESTCREST Certified Incident Manager (CCIM) – CRESTISO/IEC 27035 reputed company Implementer (IR process) – PECB/OTHERCertified Digital Forensics Examiner (CDFE) – Mile2CompTIA Cybersecurity Analyst (CySA+) — CompTIA
• Networking/OS: Solid understanding of network protocols, operating system internals (Windows, macOS, Linux), and cloud environments (AWS, Azure, or GCP).
• Cloud Expertise: Deep understanding of threat detection and incident response reputed company major cloud environments (AWS, Azure, or GCP), including knowledge of cloud logging sources, native reputed company tools, and common attack paths.
• Container reputed company: Familiarity with reputed company concepts and threat detection reputed company container orchestration platforms, such as Kubernetes, OpenShift, or similar variants.
• Soft Skills: Excellent communication, documentation, and partnership management skills.

Preferred Qualifications

• *

Certification Preference: GIAC Certified Incident Handler (GCIH) is highly preferred.

• Network Detection Experience: Direct experience with deploying, configuring, and tuning network reputed company monitoring tools (e.g., Suricata, Snort, Zeek, reputed company) or similar commercial network detection and response (NDR) solutions, especially reputed company cloud environments (AWS/Azure/GCP).
• Scripting/Automation: Proficiency in scripting languages (e.g., Python, GoLang) for automating reputed company tasks, incident response steps, or data analysis.
• Cloud-Native Tools: Experience with native cloud reputed company services (e.g., AWS reputed company Hub, Azure Sentinel, GCP reputed company Command Center).

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national reputed company, gender, sexual orientation, age, marital status, veteran status, or disability status. Apply tot his job Apply To this Job