Job Description
Senior Threat Detection and Response Engineer / [company name redacted]
About Our Organisation
Founded in 2018, our organisation specialises in providing offensive and defensive cybersecurity services for public cloud environments. Our service offerings include penetration testing, red/purple teaming, 24/7 managed security services, PCI DSS QSA assessments, and incident response.
We are an AWS Advanced Tier Services partner and one of only three companies in Australia to have achieved the AWS Level 1 Managed Security Services Provider (MSSP) competency. AWS has recently recognised our rapid growth, naming us as one of the four partners of the year in Australia and New Zealand alongside [partner name redacted], Mantel Group, and PredictHQ.
Our Values
- Customers are our compass: Our customers drive our decision-making processes. We are dedicated to our mission of protecting them and work backwards from that.
- We get things done: When we work on something we own it. We love solving difficult challenges and we never make excuses. We know time is valuable and we don't waste it.
- We are constantly learning: Everyone is passionate about what they do and hungry for knowledge. It excites us that the work we do lets us learn more every day.
- We are creators: There is always a better way and we are obsessed with continually improving how we do things. Invention is in our DNA and we are passionate about rewriting the rules.
- We take pride in our work: If a job's worth doing, it's worth doing well. We pay attention to detail, deliver quality, and encourage each other to be the best at what we do.
Why Join Us
Here's why passionate cyber professionals choose to work with us:
- We make a real difference: The work we do directly protects the global community from cybercriminals, making the digital world a safer place.
- We are at the forefront of innovation: Our customers are some of the brightest stars in technology, and we work closely with them to secure their cloud-native platforms.
- We are shaping the future of threat detection: We are crafting a cloud-native threat detection service that changes the way modern application environments are protected.
- We unlock potential with continuous learning: We invest in career growth with training programs, attendance at industry conferences, and mentorship from cloud security experts.
- We are a collaborative, fast-paced team: Our team is made up of experts in the industry who share a passion for cybersecurity and building innovative technology.
The Role
We are looking for a technical leader to join our fast-growing Threat Detection and Response (TDR) team and help us forge a new cloud-native managed security service. This role would suit someone currently in a senior security operations or DevOps role who is looking to take the next step in their career and become an expert in cloud security.
Our philosophy is that solid defence requires intimate knowledge of offensive tactics. Our managed security service leverages our penetration testing and red team expertise to ensure our TDR team is across the latest cyber-attack techniques. This, combined with our cloud-native tooling and deep understanding of AWS services, allows us to deliver best-in-class protection for AWS customer environments.
The successful candidate will work closely with our offensive security and incident response teams to understand the latest TTPs used in real-world breaches. That knowledge will be used to continually improve our managed threat detection service and protect our customers from cyber-attacks. Our customers include start-ups, scale-ups, enterprises, and state/federal government agencies, giving this role exposure to a range of technologies and industry sectors.
Your Responsibilities
Our in-house SIEM platform, built on Amazon Security Lake, ingests telemetry from AWS services, [redacted] security products, and third-party SaaS vendors. You will be working with the team to continuously improve the detection and investigation capabilities of the platform. You will use findings from our offensive team engagements and MITRE ATT&CK® Matrices to detect the latest threat IOCs and TTPs used by highly skilled adversaries.
You will be responding to alerts generated by our SIEM platform and investigating potential attack chains to ensure breaches are rapidly discovered and contained. Using penetration testing techniques, you will also validate any security exposures detected by our Attack Surface Management (ASM) platform and review the security of new customer assets identified by the platform's discovery process.
Your Typical Day
This is not a typical SOC role where you wait for SIEM alerts to come through; you will be constantly applying your technical skillset across different areas and learning new skills every day. A typical day will include enhancing the capabilities of our TDR service, using exploit POCs to validate real cyber threats, and giving security advice to customers in shared chat channels.
Your daily activities will include the following:
- Investigating and responding to potential cyber threats:
  - Ownership through to resolution of alerts generated by our SIEM and ASM platforms.
  - Liaising with customers to provide updates on alert investigation status.
  - Escalating to our offensive security team for validation of security exposures.
  - Closing alerts with investigation outcomes once appropriate action has been taken.
  - Reviewing new assets discovered by our ASM platform and assessing exposure risk.
- Developing high-signal threat detection rules:
  - Tuning existing rules to reduce false positive rates.
  - Developing new rules to search and alert on threat activity.
  - Engaging our offensive security team for rule testing.
- Building a best-in-class cloud TDR solution:
  - Updating event ingestion pipelines to enrich data for threat detection rules.
  - Monitoring CloudWatch metrics and modifying AWS service configurations as required.
  - Reviewing OpenSearch metrics and modifying index configurations as required.
  - Developing and maintaining runbooks that improve our threat detection processes.
  - Automating routine tasks such as filtering low-priority alerts and sending notifications.
You will also be using your client-facing and engineering skills to work collaboratively with the broader team on projects and periodic reporting. These activities will include:
- Assistance with onboarding new clients to our TDR and ASM platforms.
- Integration of new log sources for existing TDR clients.
- Preparation of reports for our managed service clients.
- Presentation of report content to our managed service clients.
Your Experience
You will need 7+ years' experience in one or more of the following areas:
- Cyber security operations covering both endpoints and web applications.
- Full-stack web development using secure coding techniques.
- AWS DevOps/DevSecOps.
Your Skills
The following core technical skills are required for this role:
- Web Application Security: Ability to analyse HTTP requests and identify basic security issues; understanding of web application threats and attack vectors including:
  - Reflected/Stored/DOM-Based XSS
  - Server-Side Request Forgery
  - Credential Stuffing
  - Account Takeovers
- Cyber Security: Understanding of current cyber threats and attack vectors including:
  - Adversary in the Middle
  - Business Email Compromise
  - Info-Stealing Malware
  - Ransomware
- Network Protocols: Understanding of common internet protocols, including:
  - TCP/IP
  - HTTP
  - DNS
  - TLS
- Data Analysis: Ability to write advanced data queries using languages such as SQL, DSL, KQL, or ES|QL; ability to extract relevant data in spreadsheets using formulas and functions.
- Linux Administration: Proficiency in Linux administration and use of core utilities; scripting for automation using Bash and Python.
- AWS Services: Configuration of basic AWS services via the console and CLI, including:
  - EC2 Instances
  - Lambda Functions
  - Security Groups
  - IAM Permissions
Non-Technical Skills Required
- Clear communication of technical information to both technical and non-technical audiences.
- Problem-solving and critical thinking to approach problems from different angles and identify potential solutions.
- Ability to independently find information from internet resources and use it to solve complex problems.
- Strong organisational skills with the proven ability to meet deadlines in a fast-paced environment.
- Ability to make quick decisions under pressure, weighing risks and benefits to choose the best course of action.
- Ability to interpret data, identify patterns, and draw conclusions from complex information.