Senior Detection Engineer, Threat Detection & Response
GlaxoSmithKline - Collegeville, PA
Job Description
Site Name: USA - Pennsylvania - Upper Providence, Cambridge MA, USA - North Carolina - Durham, USA - Pennsylvania - Philadelphia
Posted Date: Jan 27 2025

GlaxoSmithKline is seeking a highly skilled and proactive Detection Engineer to join our dynamic CSO team. The successful candidate will be instrumental in developing, implementing, and maintaining advanced systems to detect and neutralize cyber threats and vulnerabilities. With a solid foundation in information security, system monitoring, and incident response, the Detection Engineer will be at the forefront of safeguarding our digital infrastructure.

The Detection Engineer will thrive in a fast-paced and dynamic setting that requires quick reflexes, efficient problem-solving, and a proactive approach to cybersecurity challenges. This role is designed for a vigilant and dedicated individual who is ready to take on complex security issues and drive innovation in threat detection and response.

Responsibilities:
Craft, own, and enhance default rules for our SIEM platform, ensuring robust detection across various data sources and timeframes.
Develop and implement SOAR workflows to automate incident response tasks.
Document SIEM configurations, detection rules, and incident response procedures.
Conduct thorough false positive analysis and contribute to the continuous improvement of our detection capabilities.
Design and manage sophisticated security detection systems to pinpoint threats and malicious activities.
Refine detection rules and algorithms to minimize false positives and guarantee prompt threat detection.
Analyse security logs, alerts, and outputs from diverse sources to interpret potential security incidents.
Validate and investigate security incidents, employing a range of tools and methods.
Work in tandem with the incident response team to assist in analysing and containing incidents.
Stay updated on emerging cybersecurity threats and trends to maintain cutting-edge detection strategies.
Regularly reassess and refine the company's security policies and protocols related to detection.
Offer technical expertise and training to team members and stakeholders on detection tools and best practices.
Lead the development of automated processes for detecting and mitigating security events.
Document findings comprehensively, maintaining essential technical documentation.

Why You?

Basic Qualifications:
We are looking for professionals with these required skills to achieve our goals:
Bachelor's degree in Computer Science or Information Security, or equivalent professional experience (7+ years).
4+ years of experience acting in a Detection Engineering role.
Experience in writing behavioural detection rules for SIEM or WAF.
Experience in security monitoring, threat hunting, and incident response.

Preferred Qualifications:
If you have the following characteristics, it would be a plus:
Familiarity with YARA or static detections is advantageous.
Knowledge of the MITRE ATT&CK Matrix and experience in building detections within this framework.
Skilled in scripting and programming languages, particularly Python, with proficiency in writing regular expressions (regex).
Understanding of Detection Engineering processes, including backlog prioritization and writing tests.
Experience in creating and managing detections for cybersecurity products, and working in a SOC or similar environment, is beneficial.
Strong analytical skills with a focus on false positive analysis.
Comprehensive knowledge of cybersecurity frameworks, threat intelligence, and industry best practices.
Exceptional communication and teamwork capabilities.
In-depth knowledge of network protocols, operating systems, and secure architectures.
Experience with various security technologies, including SIEM, IDS/IPS, and firewalls.
Proficiency in scripting or programming languages is a plus.
Familiarity with compliance and regulatory frameworks such as GDPR, HIPAA, NIST, or ISO is advantageous.
Professional certifications like CISSP, GCIH, Splunk Certifications (SIEM & SOAR), ATT&CK Threat Hunting and Detection Engineering Certification, GIAC Certified Detection Analyst (GCDA), GIAC Cloud Threat Detection (GCTD) or equivalent are highly desirable.
Created: 2025-02-14