Job Description

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect around the world. We’re a human network that reaches across the globe and works behind the scenes. We anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together—lifting up our communities and striving to make an impact to move the world forward. If you’re fueled by purpose, and powered by persistence, explore a career with us. Here, you’ll discover the rigor it takes to make a difference and the fulfillment that comes with living the #NetworkLife.

What you’ll be doing...

The Threat Library team is a highly experienced, global team of threat detection engineers supporting multiple products in the Verizon Business Group Security Solutions portfolio. The team has a combined experience of more than 50 years in large-scale incident analysis and detection engineering across a vast collection of technologies. The core responsibility of the team is to provide actionable threat detection content on multiple SIEM platforms in order to protect our global customer base. The team works closely with operational teams such as our SOC Analysts and Client Security Engineers, but also Product Engineering and Development teams in order to continuously improve the service we collectively provide to our customers. The Threat Library team, through Verizon, is a research partner of the MITRE Engenuity Center for Threat-Informed Defense (CTID) and has contributed to multiple research projects which have been released to the public.

Verizon is hiring a Principal Detection Engineer (Principal-Threat Intel) to join the Threat Library team. In this position, you will be an expert in threat detection engineering, security analytics and security intelligence.

  • Research, develop, test, document and implement global threat detection content across one or more SIEM platforms, and perform any tuning required after implementation, prioritized by emerging threats/TTPs, MITRE ATT&CK coverage, strategic planning or requests from other teams.

  • Validate and curate existing content periodically.

  • Support escalations in the context of threat detection.

  • Enable stakeholder teams, technically and strategically, in threat detection and SIEM expertise through research/detection briefs, internal workshops, process documentation or reporting.

  • Produce and present clear, actionable reports to the team, stakeholders and management on threat detection efficacy and gaps.

  • Contribute to the team's Jira backlog.

  • Contribute to the team's strategic direction with regards to prioritization and planning.

  • Act as a spokesperson for the team in-region and educate stakeholders on Threat Library.

  • Collaborate with stakeholder teams and lead joint tracks and recurring meetings.

  • Challenge the way we work every day, constantly looking to improve processes, tooling and the product we deliver.

  • Rigorously file bugs and feature requests to safeguard our high quality standards and drive innovation.

  • Work with platform vendors where required.

  • Support peers by conducting peer reviews or providing input upon their request.

  • Mentor/guide junior team members.

What we’re looking for...

You’ll need to have:

  • Bachelor's degree or four or more years of work experience.

  • Six or more years of relevant work experience.

  • Relevant work experience with SIEM platform(s) (Splunk / QRadar / Microsoft Sentinel / Elastic / SumoLogic / ...), Intrusion Detection/Prevention, or Endpoint Detection & Response.

  • Detection Engineering work experience.

  • Demonstrated experience of development, testing and tuning threat detection content on at least one SIEM platform.

  • Experience with search query languages such as SPL (Splunk), KQL (Microsoft Kusto Query Language), and KQL/Lucene (Elastic Kibana Query Language and Lucene syntax).

  • Excellent knowledge of the current threat landscape.

  • Knowledge of modern analytical techniques and concepts for use in threat detection content.

  • Knowledge of cyber threat intelligence and leveraging it to produce actionable detections.

  • Deep familiarity with the MITRE ATT&CK framework.

  • Good understanding of general SIEM engineering and key concepts (parsing, enrichment, normalization).

  • Demonstrated experience in at least 2 of the following domains relevant to security and telemetry used for detection content: Windows and Active Directory (AD); Endpoint Detection & Response (EDR); Amazon Web Services (AWS); Microsoft Azure/O365; Google Cloud Platform (GCP); Operational Technology (OT) - Industrial Control Systems (ICS), SCADA, PLC; Internet of Things (IoT).

  • Working knowledge of the major protocols across the network stack (TCP/IP, DNS, HTTP, SMTP, ...) and how they are used, and abused by threat actors, today.

  • Working knowledge of security architecture.

  • Willingness to travel.

Even better if you have one or more of the following:

  • Excellent problem-solving skills.

  • SANS GIAC (GCIA, GCIH, GREM, GCFA, GPEN, GCPN, GXPN, GMON, GCDA, GCTI, GRID, GDAT) or similar technical security certification(s).

  • Strong analytical, communication, documentation and collaboration skills.

  • Strong passion for understanding cyber trends, TTPs, emerging threats and how to produce actionable and effective detection rules / content.

  • Ability to lead projects, tracks, tasks and perform well under pressure.

  • Previous experience as a SOC/CERT/CSIRT analyst.

  • Previous experience in incident response / digital forensics.

  • Experience managing threat detection in an MSSP/multi-tenant environment.

  • Experience with version control systems or Continuous Integration and Continuous Delivery (CI/CD).

  • Experience in threat modeling.

  • Contribution(s) made to community-driven detection repositories (e.g. Sigma).

  • Published research articles or presentations at security conferences.

  • Experience in malware reverse engineering.

  • Experience in cyber threat intelligence, threat actor tracking.

  • Experience in threat hunting across a wide array of telemetry sources.

  • Experience in penetration testing/red or purple teaming.

  • Knowledge of big data analytics: supervised/unsupervised machine learning, neural networks, deep learning, streaming & batch analytics.

  • Knowledge of modern operating systems, their architectures and exploitation techniques: Windows, Linux/Unix, OS X.

  • Leadership, mentoring and training skills for junior team members to help advance overall capabilities of the team.

  • Experience in scripting / Jupyter notebooks (Python).

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager.

Where you’ll be working

In this hybrid role, you'll have a defined work location that includes work from home and a minimum eight assigned office days per month that will be set by your manager.

Scheduled Weekly Hours

40

Equal Employment Opportunity

We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

Company benefits

Open to part-time employees
Dental coverage
Health insurance
Fertility benefits
Eye Care Support
Family health insurance
Accrued annual leave
Pregnancy loss leave
Life insurance
Adoption leave
Health assessment
Shared parental leave
On-site gym
401K
Employee discounts
Lunch and learns
Teambuilding days

Working at Verizon

Office locations

Australia, Czech Republic, France, Germany, India, Ireland, Japan, Netherlands, New Zealand, Philippines, Singapore, United Kingdom and multiple United States locations.

Hiring Countries

Australia

Czechia

France

Germany

India

Japan

Netherlands

Philippines

Singapore

United Kingdom

United States