Fragomen is seeking a dynamic, experienced Security Engineer – Threat Detection and Disruption to join our talented Cyber Security team in our Technology & Innovation Lab in Pittsburgh.
Our industry-leading, immigration-specific technology and infrastructure is undergoing tremendous transformation, and security is on the critical path to success in that endeavor. We seek a professional who is passionate about security, capable of effecting change, and ready to build a strong NetSec program. You will be joining a team of Security Engineers who will help make security a distinguishing factor in our technological offerings. A successful candidate will help engineer solutions that focus our defensive and response efforts throughout our environment.
What a Security Engineer – Threat Detection and Disruption does at Fragomen:
Refine, validate and exercise our Threat Detection and Disruption program.
Develop detection techniques to protect our evolving environment and technical offerings.
Architect, deploy and maintain our network and endpoint detection tools to reduce our time to alert on, triage and mitigate potential threats.
Deploy, mature and maintain our future logging tier, security information and event management (SIEM) system, and alert, triage and response pipeline.
Lead the evolution of our protection, detection and mitigation capabilities based on experience, the evolving threat environment and findings from cyber security incidents.
Participate in a cross-functional response to cyber security incidents.
Develop and maintain strong relationships with key partners to create our detection and threat disruption program.
Participate in threat hunting efforts.
Let’s talk if you have the following experience, knowledge, skills and education:
Ten (10) or more years of practical Threat Detection and Disruption experience.
A passionate team player who builds knowledge and solves complex problems.
Demonstrated knowledge of detection tools, with the ability to write signatures (Snort, Suricata, YARA, etc.).
Proficiency in a modern high-level language (Python, Ruby, Node, Go, etc.).
Experience in establishing and maintaining a SIEM (Splunk, ArcSight, QRadar, ELK, etc.).
Proven experience in developing intrusion detection techniques and operational responses.
Experience in architecting and deploying logging technology (syslog, logstash, etc.).
Strong, professional communication skills that hold up under pressure.
A Bachelor’s degree in a related field or a combination of related experience.
These things are great, but not required:
Experience in developing highly automated detection and triage tools.
Knowledge of detection, forensic, security event and incident management, and orchestration tools.
Technical certifications that demonstrate technical prowess in DFIR, including GIAC (GCIH, GCFA, GCIA), Offensive Security (OSCP, OSCE, OSEE), and/or vendor-specific certifications (Splunk, QRadar, ELK, etc.).