• Analysis experience and proficiency in one or more of the following functional areas: Endpoint (MDR), Cloud/SaaS, Identity, Email, SIEM
• Proven experience with automation and orchestration to effectively handle an extreme volume of telemetry and logs in a timely and efficient manner
• Strong written communication skills, and abilities to work in a team-centric environment
• Strong analytical thought-process and critical thinking skills to translate disparate activity into the realm of threat analysis
• Open-source intelligence research skills used in a fast-paced operational environment, and the ability to apply those findings within the analytical workflow to identify threats
• Experience leveraging Mitre ATT&CK framework, and familiarity with other alternative attack frameworks and threat models
• Familiarity with backend data structures used for security analysis (JSON, YAML, etc.)
• Experience using query languages and understanding syntax across EDR or other security platforms (SQL, K, Lucene, etc.)
• Experience creating and tuning detectors/rules using commonly known tools such as YARA, SIGMA, Snort, Splunk, Elastic, etc

Desirable

• The Cyber Incident Response Team (CIRT) continues to push the boundaries of threat detection and response with a unique combination of operations, threat research, and engineering in tight integration with the development team that designs our analysis platform and the Red Canary Threat Detection Engine
• The security landscape is always shifting and introducing new adversaries. The Red Canary CIRT operates 24/7 to track down threats using the entirety of our customer’s data and deliver fast and practical detections to our customers
• This is not a role where you are encouraged to passively accept the current state
• Use Red Canary’s detection platform to analyze EDR telemetry, alerts, and log sources across several detection domains (Endpoint, Identity, SIEM, Cloud/SaaS, etc.)
• Publish threats for customers using concisely-written communication while effectively conveying key and important indicators
• Detector Development: Research coverage opportunities then create new detectors, and tune existing ones
• Improve the CIRT workflow through orchestration & automation
• Provide mentorship to your peers and communicate effectively with others for efficient cross-team collaboration
• This person must be okay working a 5pm to 3am MT shift, Wednesday - Saturday.

• The application deadline is August 9th, 2024