Security Analytics Content Engineer (US Remote)
Anomali
This job is no longer accepting applications
See open jobs at Anomali.See open jobs similar to "Security Analytics Content Engineer (US Remote)" General Catalyst.Data Science
Atlanta, GA, USA
Posted on Sep 6, 2024
Company Description:
Anomali is headquartered in Silicon Valley and is the Leading AI-Powered Security Operations Platform that is modernizing security operations. At the center of it is an omnipresent, intelligent, and multilingual Anomali Copilot that automates important tasks and empowers your team to deliver the requisite risk insights to management and the board in seconds. The Anomali Copilot navigates a proprietary cloud-native security data lake that consolidates legacy attempts at visibility and provides first-in-market speed, scale, and performance while reducing the cost of security analytics. Anomali combines ETL, SIEM, XDR, SOAR, and the largest repository of global intelligence in one efficient platform. Protect and drive your business with better productivity and talent retention.
Do more with less. Be Different. Be the Anomali.
Job Description:
As a Security Analytics Content Engineer, you will lead the design and production of content detection logic and rules used in Anomali's various technologies. This role is responsible for supporting Anomali’s content detection efforts to become a leader in Security Analytics Market. You will also be responsible for building, deploying and testing all SIEM detection rules and logic .
Key Responsibilities
1. Threat Analysis and Detection: Analyzing various forms of digital content, such as emails, web pages, and files, to detect potential security threats like malware, phishing attacks, or harmful scripts.
2. Deep Dive into TTPs:
Techniques Identification: Identify specific techniques used in the campaign, such as spear phishing, exploitation of public-facing applications, or credential dumping.
Tactics Correlation:
Correlate these techniques with the tactics in the MITRE ATT&CK matrix, which are broad categories describing the objectives of the adversary, such as "Initial Access", "Execution", "Persistence", etc.
Procedures Detailing:
Detail the specific procedures or methods used for each technique. For instance, if the technique is 'spear phishing', the procedure might involve sending emails with malicious attachments tailored to specific individuals
Behavior Mapping:
Map the adversary's behavior to known profiles in the MITRE ATT&CK framework.
3. Development of Detection Rules: Designing and developing detection rules and algorithms to automatically detect harmful content. This involves understanding the latest in machine learning, pattern recognition, and data analysis techniques.
4. Research and Keeping Up-to-date: Staying informed about the latest malware trends, attack vectors, and detection technologies. This involves continuous learning and sometimes participating in cybersecurity research with Anomali's Advanced Threat Research Group.
5. Testing Custom Detection Tools:
Develop Custom Scripts/Tools: If applicable, test custom-developed scripts or tools designed for malware detection.
Machine Learning Models: Evaluate the effectiveness of any machine learning models that have been trained to detect malware.
Qualifications
A Content Detection Engineer typically specializes in identifying and mitigating security threats . This role involves analyzing threat actors , their campaigns, and creating detection rules and algorithms to detect and prevent such attacks. Additionally, the role may create content based on approved customer requests. The role is a blend of cybersecurity knowledge and content analysis skills.
Required Skills/Experience:
o Bachelor’s or Master’s degree (preferred) in Cybersecurity, Computer Science, Information Technology, or a related field. Additional experience and CISSP or relevant certifications will be considered in lieu of degree.
o Proficiency in programming languages such as Python, Java, or C++.
o Proficiency in writing detection rules for Malware and malicious campaigns.
o Ability to analyze and interpret logs and alerts from various security tools.
o Experience with machine learning and artificial intelligence, especially in content recognition and classification.
o Familiarity with data analysis and data mining techniques.
o Experience with tools and techniques for detecting malware, phishing attempts, and other malicious content.
o Knowledge of network security and protocols, including experience with firewalls, intrusion detection systems, and encryption technologies.
o 3+ years of relevant experience in the cyber security space, doing work relevant to the responsibilities of this position.
o Previous experience in content detection or a similar field.
o Hands-on experience with machine learning algorithms and tools.
o Experience in developing and implementing content detection models and algorithms.
o Strong analytical and problem-solving skills.
o Attention to detail and accuracy.
o Ability to work independently and as part of a team.
o Good communication skills, as the role may involve collaborating with other teams and explaining complex concepts to non-technical stakeholders.
o Willingness to stay updated with the latest developments in technology, particularly in areas relevant to content detection.
o This position will include some travel as needed, up to 20%
o This position is not eligible for employment visa sponsorship. The successful candidate must not now, or in the future, require sponsorship to work in the US.
Desired Skills/Experience:
o Specialized courses or certifications in data science, machine learning, or artificial intelligence can be beneficial.
o Certifications in cybersecurity (such as CISSP, CISM, CEH) can be advantageous.
Equal Opportunities Monitoring
It is our policy to ensure that all eligible persons have equal opportunity for employment and advancement on the basis of their ability, qualifications and aptitude. We select those suitable for appointment solely on the basis of merit without regard to an individual's disability, race, color, religion, sex, sexual orientation, gender identity, national origin, age, or status as a protected veteran. Monitoring is carried out to ensure that our equal opportunity policy is effectively implemented.
If you are interested in applying for employment with Anomali and need special assistance or accommodation to apply for a posted position, contact our Recruiting team at recruiting@anomali.com.
This job is no longer accepting applications
See open jobs at Anomali.See open jobs similar to "Security Analytics Content Engineer (US Remote)" General Catalyst.