Security Detection Engineer

About Us
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services.  Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers.  Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER.  If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training, and experience necessary to build a lucrative career, then welcome to THRIVE!!

Position Overview

We're looking for a Security Detection Engineer to spearhead the advancement of Thrive's cybersecurity detection program. This role is crucial for driving the development of alerting rules, hunts, queries, and reports, as well as implementing and refining SIEM & Detection tooling and procedures. The ideal candidate will analyze attacker tactics, techniques, and procedures (TTPs), developing countermeasures and collaborating with our team to fortify security controls. Responsibilities include guiding the SOC team in improving threat detection, managing security gap analyses, and overseeing the Security Lab for testing attack methods. Additionally, this position involves researching emerging threats to refine detection strategies and managing KPIs to track and enhance the effectiveness of our threat detection efforts.

Primary Responsibilities

• Responsible for the development and continuous improvement of Thrive’s cybersecurity detection program
• Drive continuous development of all new alerting rules, hunts, queries, and reports
• Develop, implement, document, and maintain SIEM & Detection tooling, standard operating procedures, attack signatures and test scripts
• Implementation and management of API security measures, ensuring secure data transmission and compliance with industry-standard API security protocols
• Analyze attacker TTPs and build countermeasures to detect and/or stop them using endpoint telemetry
• Work with security analysts and engineers to develop security controls based on threat model and gap
• Provide guidance and support to the SOC team in enhancing threat detection capabilities.
• Design and manage Thrive’s gap analysis and threat modeling processes
• Management of the Security Lab and responsible for testing new and existing TTP’s and attacks
• Research threats, malware and novel behavioral techniques and then apply that research to build or tune detection rules and analytics
• Develop and manage KPIs to measure and enhance the effectiveness of our threat detection strategies
• Other duties as required

Qualifications/Required Skills

• Bachelor’s degree in computer science, Information Technology, or a related field.  
• Relevant certifications (e.g., Security+, CySA+, Network+)
• 3-5 years of experience in cybersecurity or a related field
• Firm understanding of attacker tactics, techniques, procedures and means of detection
• Solid understanding of the MITRE ATT&CK and Cyber Kill Chain frameworks
• Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Stay up to date with engineering best practices, security technology trends, tools, and frameworks
• Experience with scripting languages (e.g., Python, PowerShell)
• Knowledge of cloud security platforms (e.g., Azure, AWS, GCP)
• Must be able to work effectively in a team environment and collaborate within the team and other stakeholders
• Familiarity with common security technologies, such as firewalls, intrusion detection/prevention systems, and antivirus software
• Basic understanding of networking concepts and protocols (TCP/IP, DNS, HTTP).
• Strong problem-solving and analytical skills
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team.
• Ability to communicate security information to non-technical people
• Demonstrates comprehension of good security practice
• Knowledge of risk assessment tools, technologies and methods

Apply