Staff Detection and Response Engineer

📋 Description

• • As a Staff Detection and Response Engineer at AlphaSense, you will be at the forefront of our defensive security strategy, playing a pivotal role in shaping and executing our capabilities in detection engineering, security orchestration, automation, and response (SOAR), and threat hunting.
• • This critical technical position is instrumental in integrating cutting-edge threat intelligence into high-fidelity detection mechanisms and automating incident response workflows to significantly enhance team efficiency and minimize response times.
• • You will report directly to the Director of Security Monitoring, Detection and Response, and will collaborate closely with the SOC Manager to co-lead our proactive threat hunting initiatives.
• • Your role will involve close partnerships with various cross-functional security teams to architect, build, and scale our overall security operations capabilities, ensuring robust protection for AlphaSense's sophisticated platform.
• • You will join a dynamic and fast-paced security organization that champions automation, embraces engineering-driven approaches, and excels at systematic problem-solving. Our team operates at the nexus of security operations, detection engineering, incident response, and infrastructure security, valuing practical, measurable, and continuously improving solutions.
• • Key Responsibilities:
• • Detection Engineering & Platform Leadership (40%):
• • Architect, design, implement, and meticulously maintain advanced detection rules and sophisticated correlation logic across our SIEM, EDR, and cloud platforms, including AWS and GCP.
• • Spearhead the development of our detection strategy and architecture, ensuring alignment with industry-leading Detection Quality frameworks.
• • Craft high-fidelity detection rules utilizing specialized languages such as SIGMA and YARA-L, ensuring comprehensive threat coverage.
• • Conduct in-depth log source analysis, perform rigorous threat modeling, execute adversary emulation exercises, and maintain precise mapping coverage against the MITRE ATT&CK framework.
• • Proactively conduct detection gap analyses to identify and address coverage opportunities across the entire cyber kill chain.
• • Develop and maintain comprehensive detection playbooks, runbooks, and detailed technical documentation to ensure clarity and consistency.
• • Perform regular detection quality assessments and drive continuous improvement initiatives to enhance our defensive posture.
• • Security Automation (SOAR) & Response Leadership (40%):
• • Develop and implement complex automated response playbooks designed to handle multi-stage incidents efficiently across a variety of security tools.
• • Integrate disparate security tools through robust API connections, including SIEM, EDR, MDM, CASB, ITSM, and threat intelligence platforms.
• • Create sophisticated automated enrichment pipelines that seamlessly incorporate threat intelligence, asset context, and user behavior analytics to provide richer context during investigations.
• • Engineer automated containment actions, such as account disabling, host isolation, and firewall rule updates, to rapidly mitigate threats.
• • Measure and report on the return on investment (ROI) of automation efforts, tracking key metrics like time saved and incident handling efficiency.
• • Provide direct support for Incident Response processes and procedures as required, ensuring swift and effective resolution of security incidents.
• • Threat Hunting Co-Leadership & Execution (20%):
• • Co-lead the organization's threat hunting program in close partnership with the SOC Manager, defining the strategic direction, methodology, and planning of hunting campaigns.
• • Execute proactive threat hunting campaigns by developing and running sophisticated hunt queries across our SIEM and EDR platforms.
• • Analyze large, complex datasets to identify anomalous behavior patterns, including user behavior, process execution, network traffic, and cloud activity.
• • Develop automation and tooling to enhance threat hunting capabilities, leveraging custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor.
• • Collaborate closely with threat intelligence sources to ensure our hunting campaigns incorporate the latest Tactics, Techniques, and Procedures (TTPs).
• • Contribute to the development of security hypotheses and proactively seek out undetected threats within the environment.
• • Document findings from threat hunts and translate them into actionable detection rules or process improvements.
• • Mentor junior analysts on threat hunting methodologies and techniques.
• • Stay abreast of emerging threats and TTPs to continuously refine hunting strategies and ensure proactive defense.