Principal Threat Detections Engineer

Remote - USA

Dragos, Inc.

Posted 1 month ago

Are you looking to drive active innovation, ideas, and creativity of new technologies aimed to protect industrial control systems and operational technology environments (ICS/OT)? We are seeking a Principal Threat Detection Engineer who will develop and manage detections for Dragos Threat Intelligence. The primary duty is to work as part of Dragos Threat Intelligence team to understand ICS/OT threats and implement countermeasures against them.
Your work will support detection strategy for the entire Dragos Platform. You will work closely with engineering teams responsible for engine development and ICS/OT protocol and host analysis. Detection development also includes analysis of live data to hunt for novel threats, learning new internal red team techniques, working with the internal vulnerability research group, and understanding ICS-specific protocols and threats.

Responsibilities

  • Identify and prioritize new data sources and their applicability to the detection of advanced adversaries.
  • Generate innovative threat behavior analytics for discovering historical and emerging threats to industrial networks and devices.
  • Write scripts to build attack simulation scenarios and supporting infrastructure, to validate and improve Dragos Platform detection.
  • Develop detection strategies based on internal and external intelligence reporting, vulnerability research, and red team techniques.
  • Within internal datasets, hunt for threats to aid in threat discovery and detection development.
  • Using internally developed and open source detections, manage platform detection coverage and effectiveness against potential threats.
  • Develop and maintain more advanced detections, including threat behavior, configuration, and modeling analytics, using internal/custom detection engines.
  • Utilize internal datasets to validate and improve detections.
  • Liaise with other internal departments to aid with detection engine development, protocol analysis, and asset identification.
  • Review detection-related material in outgoing reports.
  • Ensure that all documents, workflows, and processes remain accurate and up-to-date.

Requirements

  • Advanced working knowledge of common open source detection tools and languages (YARA, Snort, Zeek, Suricata, Python, Go) used to develop detections.
  • Working knowledge of MITRE ATT&CK and Kill Chain frameworks.
  • 8+ years of information security experience working as a SOC analyst, security content developer, and/or security engineer.
  • The ability to design and implement Continuous Integration development programs for detection content.
  • Technical point of contact and company-wide expert for high visibility projects, responding to product manager, engineering, and non-technical colleague requests for information.
  • Ability to understand systems quickly and translate that understanding into logic to detect anomalies within the system.
  • Proficient to expert level working knowledge of Network Intrusion Detection Systems and developing capabilities in their respective platforms.
  • Experience working with geographically dispersed teams and customers.
  • Excellent interpersonal skills and the ability to see things through the customer’s eyes while still speaking authoritatively and confidently, balancing respect and tact.
  • Draw from your industry expertise in understanding how an attacker would behave and translate it into custom behavioral detection content.

Nice to Have

  • Working knowledge of a low-level language (C, C++, etc.).
  • Experience with industrial control systems/operational technologies and their networking protocols.
  • Work experience within a cyber threat intelligence environment.
  • Advanced data analytics or working knowledge of artificial intelligence.

Dragos seeks passionate, hard-working, fun-loving, small-ego, big-brained people. Our tagline is “Safeguarding Civilization” not because we think highly of ourselves, but because the problems we are solving are critically important, today and in the years to come.
We offer competitive salaries, equity, and a comprehensive benefits package including medical, dental, vision, disability, 401K and life insurance.
Dragos is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce. Come join us!
Job region(s): North America