Threat Detection Engineer Job in Bangalore at CRED

CRED is hiring for the role of Threat Detection Engineer!

Responsibilities of the Candidate:

• Work on a diverse domain of information security across the organisation, most important infrastructure and data security
• Responsible identifying security issues (external as well as internal), help stakeholders to mitigate and at frequent occasions build a solution around some of the complex problem statements implement/maintain security for cloud-based systems/applications
• Formulate new detection ideas based on newly-published research, industry trends, or major incidents.
• Respond to security incidents and think of how to prevent such incidents
• Develop and enhance the cred’s detection, monitoring and response capabilities
• Automate various security incident responses using playbook
• Build in-house security analytics solutions using open source tools (log parsing, event correlation and threat detection)
• Research/conduct threat hunting operations using known adversary tactics, techniques and procedures to detect advanced threats
• Build in-house security frameworks to establish a state of art security culture inside tech
• Be responsible to track security incident responses across the organisation
• Assist with creating security awareness and maintaining prudent security engineering culture within an organisation
• Enable compliance in teams and help them achieve some of the industry’s best practices (e.g. pci dss, iso 27001)

Requirements:

• Proficiency in one of the programming languages (python, golang, bash)
• The ability to be a go-to person and communicate effectively with stakeholders (engineers, product, business teams)
• An understanding of mitre att&ck, cyber kill chain, diamond model
• Knowledge in operating centralised log analysis tools - elk, splunk, etc
• Experience with deploying custom-built and scalable security solutions & enterprise or open-source security tools - siem, ids/ips, edr, fim, pam
• Experience with handling incident response life-cycle (detection, identification, containment, analysis, remediation and reporting)
• The ability to read packet capture or memory dumps and create regex on the fly.
• A git hub profile, blog or a conference presentation
• The ability to influence organisations and stakeholders by practising a data-driven approach
• Ability to be proactive in keeping yourself updated with security news/issues/breaches/tools/blogs on the internet
• The zeal to explore diverse domains of information security and have a fast learning curve
• The ability to distill complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders.