Established in 2014 and based in Charleston, South Carolina, Soteria's expertise in the cybersecurity domain is predicated upon the accumulated practical experience across all team members. Soteria's security professionals have held leading positions in private industries, state governments, and federal intelligence communities.
Driven by this combined pool of knowledge as well as the belief that “Security is for Everyone,” Soteria offers advisory services and solutions which are significantly differentiated from the security status quo. Soteria treats each client as a unique case deserving of individualized security insights and specialized hands-on assistance.
About The Role
Join our Detection & Response Team at Soteria, where our Detection Engineers work directly with our Consultants, MDR engineers, and other members of the DART to automate, orchestrate, and secure our detection and response processes and platform. As a Cloud Detection Engineer, you will be responsible for the development of security tooling and detection capabilities, with a focus on cloud platforms (AWS, GCP, Azure).
You will work with our DART to tune existing rules and develop additional logic. You will support our MDR consultants as needed to monitor, investigate, and respond to alerts from our MDR platform. You may occasionally interact with our clients or draft communications. You will be a member of a passionate team of experts ready to assist one another if you should encounter any problems or questions. You will be empowered to guide the growth of the service, design scalable processes, and contribute heavily to the growth of Soteria’s DART and MDR platform.
What You'll Do
- Bringing a passionate and motivated attitude, focused on having a positive impact on our clients and the team.
- Being a critical contributor to Soteria’s best-in-class detection and response services using telemetry from a variety of sources and threat intelligence-driven detections.
- Understanding how to navigate security and IT telemetry, and how to appropriately classify and investigate suspicious or malicious events.
- Taking part in the creation, development and introduction of modern forensic and security analysis techniques and solutions. Your fervor for growth and improvement at all levels is contagious, and you constantly train and mentor consultants, engineers, and analysts to build the company's overall capacity and capability.
- Adapting to new tools and methods enthusiastically, your approach to technology is pragmatic and adaptable. You view technologies and programming languages as versatile tools with distinct strengths and weaknesses. While you may have strong opinions, you remain open to change and readily embrace new technologies as they emerge.
- Maintaining competence in security trends, technologies, and practices through self-study and attendance at industry events. You are a lifelong learner who truly loves the information security world. You actively seek out information and trends and openly share them with the team.
- Thriving on teamwork and championing the power of collaboration. Working together to achieve shared goals is your mantra, and you actively engage in cross-functional cooperation. You are committed to personal and professional growth and are passionate about supporting your colleagues in their own development.
- Occasionally assisting in digital forensics and incident response matters, such as ransomware, BEC, insider threat, and HR investigations. You are generally familiar with incident response best practices and willing to dive into highly technical investigations wherever needed. You are open to learning new methods and tools to help you grow your forensic skills.
- Meeting regularly with clients to review detections, align detector development efforts with client requirements, and maintain strong partnerships.
Qualifications
- 2+ years of detection engineering or other relevant experience
- Experience with cloud security APIs and telemetry for AWS, GCP, and Azure.
- Thorough knowledge of common tactics, techniques, and procedures used by threat actors
- Knowledge of forensic artifacts available on Windows, Linux, Unix, and macOS
- Proficiency with detection-as-code pipelines - GitHub, Jira, Elastic, etc.
- Experience managing SIEM tools, including searching for and extracting relevant data for incident investigations and feeding information into and out of such a platform.
- Programming/scripting experience, preferably with Python 3 and PowerShell.
- Experience with Panther, LimaCharlie, Tines, SentinelOne, and/or Windows Defender is a strong plus.
- Willingness to participate in an on-call rotation that includes work as necessary outside of business hours.
- Strong written and verbal communication skills, with a focus on empathy and patience with clients who may be combative or experiencing extreme stress.
- Position is fully remote - no mandatory travel, with elective travel to industry conferences and training events.