Thought Machine
Threat Detection and Response Engineer
Private salary
London
Remote or hybrid
Description

A Threat Detection and Response Engineer is an individual contributor within the Threat Operations team. We desire engineers who can think creatively about security threats, how to detect them, and how to respond to them. We encourage exploration and an eagerness to share when there are unique ideas or perspectives you can bring to a challenge. We don’t just close alerts in Threat Operations, we are active in developing automations, identifying detections and responding to threats at Thought Machine.

Duties

  • Develop, integrate, and operate security event detection and incident management services.
  • Automate repeatable incident response workflows to minimise the amount of manual work required in incident response.
  • Maintain documentation to ensure the repeatability and standardisation of incident response procedures.
  • Support our response to security incidents as they occur as part of an incident response rotation, helping manage incident response throughout the incident lifecycle.
  • Perform investigation and analysis of security incidents in collaboration with engineers across the company.
  • Participate in the team on call rotation (compensated).

Requirements (Essential)

  • 1-2 years experience with logging and incident detection platforms, creating new detections, triaging alerts and conducting security investigations.
  • Experience in threat detection, incident response or threat intelligence.
  • Experience in operating system logging for investigations (Windows Event Log, Sysmon, Journalctl or Auditd).
  • Coding experience in Python or Go.
  • Comfortable using the command line in Linux or MacOS environments.
  • Creative thinking and analytical skills with focus on incident and threat investigations.
  • Strong interpersonal and communication skills to support collaboration with other teams during investigations.

Desirable

  • Familiarity with cloud or containers technology (AWS, GCP, Azure, Kubernetes, Docker).
  • Familiarity with Elasticsearch.
  • Contributions to the security community (open source tools, public research, blogging, presentations, etc).

We actively hire candidates who demonstrate technical excellence in their field and welcome people of all ages and backgrounds, providing everyone with equal access to professional development. You are encouraged to apply even if your experience doesn’t accurately match the job description. We also encourage applications from those with different abilities, including candidates with ADHD, autism, dyslexia or dyspraxia.
