Threat Detection Engineer - Cybereason

Cybereason's mission is to ‘protect it all’ – delivering unparalleled prevention, detection, investigation, and response for all endpoints: workstations, laptops, mobile devices and more
Our cyber-defence solutions combine machine learning and AI to analyze threats, connecting huge volumes of data to reveal cyber-attacks and shut them down, as well as block intrusion of known and unknown threats. With our latest offerings, we can also seamlessly automate detection and prevention across traditional endpoints as well as mobile devices.

Since entering the Japan market in 2016, we have seen tremendous growth, now holding #1 market share. We are constantly evolving and hope to expand our team with daring individuals that never give up!

As a Threat Detection Engineer, you will be instrumental in the creation, testing, tuning and deployment of threat detections, evaluating their security value, analyzing and assigning the detection to the MITRE attack framework, and streamlining the delivery of security services across the entire scope of our company. You will be required to communicate complex detection capabilities to both technical teams and non-technical senior executives and customers, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.

What you will do

• Create and research new ways to tie event telemetry together in new and valuable ways
• Develop, debug and deploy detections
• Continually find ways to streamline processes and re-use of code
• Parse various types of log events into standardized formats regardless of the availability of vendor documentation
• Find creative ways to correlate events that are otherwise indirect
• Produce detection and process documentation
• Collaborate with Global SOC, IR and product related teams on progress or issues
• Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
• Work to ingest disparate data sources to enrich existing detection set
• Provide mentoring and collaboration with other team members

Key Performance Indicators (KPIs)

• Sense of urgency for high priority deliverables
• Quality and standardization of code
• Impact of contributions to Cybereason Security Services performance in the form of improvements to:
• Detection deployment timelines
• Enrichment and tuning of detections, increasing quality
• Demonstration of creativity and security value
• Adaptability to new processes and technologies

What we are looking for

• 4+ years of relevant experience in the cybersecurity industry, particularly in the areas of detection engineering, red/blue teaming, cyber threat groups, existing attack methods and their resulting log patterns
• 4+ years of experience with query syntax and usage, particularly those applying to log files (Splunk, YARA-L, OPAL, SQL, etc) - simple and complex joins and aggregations
• Foundational understanding of computer networking and modern computer architecture/operating systems
• Familiarity with network and security control products (firewalls, auth systems, MFA, cloud) and vendor and industry standard event logging formats (syslog, CEF, etc)
• Working knowledge MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain frameworks
• Background and experience in at least 3 of 6 areas is required:
  ・Cyber Threat Intelligence - OSINT, Dark Web, or research
  ・Digital Forensics & Incident Response (DFIR)
  ・Detection Engineering (in support of EDR/XDR/MDR platforms)
  ・SOC operations and analysis
  ・Malware analysis & reverse engineering
  
  

More about working at Cybereason Japan

Our Tokyo and Osaka offices are open, highly supportive and fun! To support you at work, we provide flexible work-life management policies, plenty of food and drinks, paid-leave for supporting your family and health, 401k, fun monthly events such as Premium Fridays and “Lunch & Learn”, as well as career support. You’ll have a chance to work in cooperation with a growing team of over 600 people (and growing!) with teams in Tel Aviv, Boston and other locations around the world.

「働きがいのある会社」として認定 / Great Place to Work® Certified

サイバーリーズン・ジャパンは、Great Place to Work® から、働きがいのある会社であることを認める「働きがい認定」企業として選出されました。 詳細や認定企業一覧はこちらをご参照ください。

Cybereason Japan has been selected and certified by Great Place to Work® as an employee-validated great workplace. Click here for details and a list of certified companies.