[Remote] Detection & Response Engineer

Remote, USA Full-time Posted 2025-11-24

Note: This is a remote job open to candidates in the USA. Expel is a fast-growing cybersecurity company focused on managed security solutions. The Detection & Response Engineer will enhance threat detection capabilities, improve SOC analyst efficiency through automation, and contribute to the development of detection strategies within the company.


Responsibilities

  • Implement, maintain and iteratively improve Expel's ability to detect and investigate threats using integrated technologies with limited direction
  • Contribute to the growth of Expel’s detection strategy and capability through creation of detections for Expel’s proprietary rule engine
  • Maintain documentation in support of Expel’s detection and response content
  • Improve SOC analyst efficiency by automating investigative workflows using an orchestration framework written in Python
  • Evaluate technology APIs to design detection and response solutions to contribute to improving the value and efficiency in Expel’s Workbench platform
  • Contribute to and thrive in a culture of experimentation, agile, quality and continuous improvement among the team
  • Participate in the team’s research and monitoring of the latest threat landscape and subsequent detection and response automation development

Skills

  • 1+ years of experience with detection and response tools, particularly EDR, NSM, and SIEM
  • 1+ years of experience writing, deploying and tuning custom detections based on research or investigative work against common data sets (Windows Event Logs, auditd, CloudTrail, and similar datasets)
  • Proficiency in Python, Go or other object-oriented programming languages
  • Strong understanding of Windows, macOS and Linux operating systems and command line tools
  • Knowledge of networking basics, such as TCP/IP and OSI model
  • Working knowledge and observations of attack vectors, threat tactics, and attacker techniques
  • Understanding of cloud infrastructure platforms and their Identity and Access Management (IAM) models
  • Bachelor's degree in Computer Science or Information Security strongly preferred
  • 3+ years of professional experience in information technology or security operations would be ideal but not required

Benefits

  • Unlimited PTO (which we model and encourage)
  • Work location flexibility
  • Up to 24 weeks of parental leave
  • Really excellent health benefits

Company Overview

  • Expel is a security operations provider that offers managed detection and response, remediation, phishing support, and threat hunting. It was founded in 2016, and is headquartered in Herndon, Virginia, USA, with a workforce of 201-500 employees. Its website is http://www.expel.com.
