Virginia, US

Security Engineer - Threat Detection and Disruption

Job Description Summary

Fragomen Worldwide, an AmLaw 100 Firm and the leading global immigration services provider, is seeking a Security Engineer – Threat Detection and Disruption to join our talented Cyber Security team. This is a newly created position that will sit in Fragomen's brand new Pittsburgh Immigration Technology Innovation Lab. Our industry-leading, immigration specific technology and infrastructure is undergoing tremendous transformation and security is on the critical path to success in that endeavor. A professional, who is passionate about security, capable of effecting change, and ready to build a strong NetSec program, is what we seek. You will be joining a small team of Security Engineers, who will help make security a distinguishing factor in our technological offerings. A successful candidate will help engineer solutions to focus our defensive and response efforts throughout our environment.

Job Description

Responsibilities:

  • Refine, validate and exercise our Threat Detection and Disruption program
  • Develop detection techniques to protect our evolving environment and technical offerings
  • Architect, deploy and maintain our network and endpoint detection tools to reduce our time to alert, triage and mitigation from potential threats
  • Deploy, mature and maintain our future logging tier, security event incident management (SEIM) system and alert, triage and response pipeline
  • Lead in the evolution of our protection, detection and mitigation capabilities based on experience, evolving threat environment and findings from cyber security incidents
  • Participate in a cross-functional response to cyber security incidents
  • Develop and maintain strong relationships with key partners to create our detection and threat disruption program
  • Participate in threat hunting efforts
     

Requirements:

  • A passionate team player who builds knowledge and solves complex problems
  • Ten or more years of practical Threat Detection and Disruption experience
  • Demonstrated knowledge of detection tools with the ability to write signatures (snort, suricata, yara, etc…)
  • Proficient in a modern high-level language (Python, Ruby, Node, Go, etc)
  • Experience in establishing and maintaining a SEIM (Splunk, ArcSight, QRadar, ELK, etc..)
  • Experience in architecting and deploying logging technology (syslog, logstash, etc..)
  • Experience in developing intrusion detection techniques and operational responses
  • Strong, professional communication skills that maintain under pressure
     

Preferred:

  • Experience in developing highly automated detection and triage tools.
  • Knowledge of detection, forensic, security event and incident management, and orchestration tools
  • Technical certification that demonstrate technical prowess in DFIR to include GIAC (GCIH, GCFA, GCIA…), Offensive Security (OSCP, OSCE, OSEE..), and/or Vendor specific (Splunk, QRadar, ELK, etc..)
  • BA degree in a related field or a combination of related experience is a must

Path Created with Sketch. US-Pittsburgh
Full Time
REQ-002163
Apply for a job