Staff Security Engineer - Detection
Gigamon’s Applied Threat Research team is seeking a Staff Security Engineer with a focus on Detection Operations to play a vital role in advancing our security and detection strategy. The person in this role will apply a structured detection engineering process that tracks detection capabilities from inception through long-term quality control. This process will include the deconstruction of threat actor capabilities, behaviors, and techniques into observable artifacts and the development of detection capabilities for the Gigamon Insight product. The candidate should understand the threats that modern enterprises face, be capable of performing network analysis to evaluate detection logic, and be willing to proactively identify detection gaps and strive to overcome and mitigate them.
If you love working with a top-tier research team to solve difficult problems, combat threats and protect customers while also working in a fast-growing dynamic organization, then this is the place for you!
- Leverage partially finished threat intelligence to research threat actor tools, techniques, and behaviors. Work with the threat intel team where needed to gain additional context.
- Conduct network and file analysis for the purpose of extracting observable artifacts.
- Differentiate strict and loose components of an attacker behavior to ensure robust detection logic is authored.
- Develop and maintain Suricata signatures, Zeek (Bro) scripts, and file parsers where appropriate to enhance detection capabilities or extend product capabilities.
- Conduct quality assurance and control on draft and deployed detection logic.
- Design and lead detection sprints to significantly expand detection capabilities through a structured research process. Produce analysis and output for long-term tracking of detection coverage.
- Work with the data science team to develop, validate, and productize analytics for behavioral detection in the product.
Desired Skills and Experience
- BS in Computer Science or related field (or equivalent experience).
- 3+ years in detection, intelligence, or security operations roles.
- Previous experience in detection operations, signature development, or offensive security.
- Strong ability to author technical indicators and signatures of threat activity.
- Proficient with a programming or scripting language (Python, Go, etc.).
- Ability to work independently on multiple projects of various priorities.
- Ability to learn fast and scale with the demands of a fast-growing organization.
- Outstanding communicator with the ability to clearly convey complex ideas and data (in written and spoken formats) to, and influence, an audience that includes internal stakeholders and executive leadership.
The Gigamon Applied Threat Research (ATR) team’s mission is to dismantle the ability of an adversary to impact our customers. Our team of expert security researchers, engineers and analysts focuses on continuous research of threat actors and emerging attack techniques while building detection and investigation capabilities leveraging the Gigamon Insight network telemetry and intelligence datasets. The team has the following core functions:
- Threat Intelligence – Research threats to inform detection engineering efforts
- Detection Engineering – Research, build, and maintain high quality detection capabilities for Gigamon Insight
- Security Engineering – Act as User Zero for Gigamon Insight. Research, prototype, and validate future functionality for detection and investigation capabilities