Description: Our client is currently seeking an Information Security Specialist - Threat Detection to join their growing team protecting one of the world's largest, most heavily secured enterprise environments.
This job will have the following responsibilities:
Collaborate with the Cyber Threat Intelligence team to identify and mitigate active or emerging threats targeting American Express.
Conduct basic threat modeling of common environments to pinpoint threat detection opportunities across the MITRE ATT&CK framework.
Partner with platform owners and Cyber Data Engineering to identify necessary telemetry for developing threat detection mechanisms.
Perform in-depth analysis of logs and malicious artifacts.
Analyze large datasets to detect trends and anomalies indicative of malicious activities.
Develop, document, and maintain custom detection queries.
Qualifications & Requirements:
7+ years of experience in Incident Response, Threat Detection, or Threat Hunting.
Extensive exposure to endpoint detection principles, network security principles, and advanced rule writing.
Hands-on experience in a Security Operations Center (SOC) or security engineering environment.
Excellent communication skills and the ability to work effectively in a team and in a fast-paced environment.
Thorough knowledge of information security components, principles, practices, and procedures.
Analytical approach and familiarity with solving complex security problems.
Understanding of Operating System internals and the ability to analyze malicious code, scripts, and exploits.
Experience analyzing logs and events from endpoint and other security solutions.
Knowledge of network principles, topology, protocol behavior, and security devices (IPS, IDS, HIPS, firewall).
Understanding of authentication principles and technologies, including Active Directory and RACF.
Ability to evaluate threat intelligence and identify TTPs for detection mechanisms at both host and network levels.
Expert knowledge in threat detection and intuition, with a deep understanding of malicious network traffic.
Ability to analyze data from various sources and correlate it to meaningful security events.
Advanced rule/query writing experience in at least one SIEM.
Understanding of content testing, implementation, and revision cycles.
Programming experience in at least one scripting language.
University degree in computer science, computer engineering, or a related field, or equivalent experience.
Preferred certifications: GCIA, GCDA, CISSP, or similar.
Contact: bjohnson@judge.com
This job and many more are available through The Judge Group. Find us on the web at www.judge.com