Sr. Threat Detection Engineer - REMOTE

ADP Brooklyn NY

Company

ADP

Location

Brooklyn NY

Type

Full Time

Job Description

ADP is hiring a Sr. Threat Detection Engineer
Job is 100% REMOTE
  • Are you a technologist, first and foremost, who approaches every problem wearing that hat while going out of your way to champion secure development creativity and build diverse, engaged teams?
  • Are you looking to join a dynamic, inclusive team environment with a culture of collaboration and belonging?
  • Are you empathetic to client needs, the people you work with, and internal partners motivated to drive success?

Well, this may be the role for you. Ready to make your mark?
In this role, you will work with Global Security teams from Critical Incident Response Center (CIRC), Threat Intelligence, Threat Hunting, Red Team, and AppDev, to create and drive threat detection to protect ADP assets.
You will help lead efforts to design/define/create requirements to develop prevention, detection, and response capabilities within ADP Cyber security platforms.
You will collaborate with other Detection Engineers to design, build & maintain cyber alert catalogs.
You are keen on promoting the use of innovative new technology and best practices for evolving security objectives.
You can present your ideas clearly, professionally on paper, in person, on video calls, and over the phone.
You have solid experience analyzing and defining solutions, maintaining and enhancing existing solutions, and participating in the delivery of projects.
You enjoy mentoring, brainstorming new concepts, and providing guidance for your team members.
You can work with partners in IT, Ops, and Engineering to provide support for troubleshooting Production issues.
Our best engineers are enthusiastic creators who stay current on new ways of optimizing threat detections and processes and enhancing business intelligence automation. They're always looking for new ways to improve detection quality.
To thrive in this Sr. threat detection career, you'll need to be an expert in SOAR Development and coding in Python and SQL.
You'll need an understanding of leveraging APIs to pull and push data from different data sources to update records in the SOAR platform.
WHAT YOU'LL DO:
Here's what you can expect on a typical day in the life of a Sr. Threat Detection Engineer at ADP.
  • Develop advanced alerting capabilities based on threat intelligence, post-incident findings, new threats, and vulnerabilities.
  • Maintain an expert-level understanding of attacks, vectors, and emergent threats.
  • Develop new detections for our SOAR platform based on specific requests from stakeholders, threat intelligence, and threat hunting.
  • Collaborate regularly with our CIRC and threat management to understand their requirements and needs.
  • Create and implement detection content in EDR, NDR, and SOAR.
  • Stay updated with the latest threats and familiar with APT and common TTPs to integrate knowledge into new detections.
  • Contribute to the development and updating of SOPs.
  • Provide content for deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials.
  • Work closely with the CIRC, Threat management team, and engineering teams to improve and build new tailored security detections.
  • Analyze CIRC alert statistics and workflows to reduce false positives and properly focus engineering efforts.
  • Provide design support on ways to improve detection and response capabilities.
  • Provide backup support to the CIRC team when necessary.
  • Help mature CIRC playbooks, workflow automation, and use cases to protect ADP assets.
  • Build detection logic utilizing security logs to detect malicious activity with high fidelity across a broad set of detection cyber use cases.
  • Act as a subject matter expert in multiple areas: security log signals from Linux, macOS, Windows, EDR, NDR, and cloud.
  • Create, track, and iterate on metrics of the detection engineering process to show progress towards goals and track gaps in detection coverage.
  • Build new security detections to support daily operations and faster, more accurate identification of threats.
  • Collaborate on ways to improve detection and response capabilities.
  • Leverage threat intelligence and intrusion data of adversary behaviors to create new high-fidelity security detections.
  • Participate in Purple Team Exercises focusing on discovering improvement opportunities.

Qualifications:
  • 5+ years of experience in threat detection or threat hunting
  • Strong analytical skills and cross-functional knowledge across multiple security disciplines.
  • Strong interpersonal, verbal presentation, and written communication skills.
  • Strong knowledge and working experience with databases and data warehouse technologies and solutions.
  • Strong working experience with systems automation in a major scripting language (Python, PowerShell).
  • Strong experience building detection logic utilizing security logs to detect malicious activity with high fidelity across a broad set of detection use cases.
  • Strong project/program management experience.
  • Working experience with one or more cloud providers, such as Amazon Web Services or Microsoft Azure.
  • Familiar with interpreting the log output of a wide selection of network and host device classes (HIDS, NIDS, Firewalls, Proxies, Routers, Switches, WAFs, Servers, Desktop Controls, Endpoint Protection, etc.).
  • Functional experience with text and data representation and manipulation (XML, HTML, Regular Expressions, JSON, REST, SQL).
  • Packet-level behavioral familiarity with most major TCP/IP application protocols (DNS, SMTP, HTTP, BGP, LDAP, IMAP, SSH, FTP, KRB5, DHCP, CIFS).
  • Experience working with SIEM and SOAR
  • Creative thinker that leverages unconventional and innovative ideas to solve problems.
  • Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
  • Must possess a high degree of integrity, be trustworthy, and have the ability to work independently.

The targeted base salary range for this role is listed in the compensation section below. Actual salary may be above or below this range based on factors such as location, skills, and relevant experience. In addition, this position may include additional compensation in the form of bonus, equity, or commissions.
If you are a full-time salaried or hourly worker, we offer the following benefits:
  • Medical, Dental, Vision, Life Insurance, Matched 401(k), Student Loan Repayment Program, Wellness Program, Short- and Long-Term Disability, Charitable Contribution Match, Holidays, Personal Days & Vacation, Paid Volunteer Time Off, and more.

Compensation for US Nevada residents: $69,600- $153,300
Explore our COVID-19 page https://tech.adp.com/covid19/ to understand how ADP is approaching safety, travel, the hiring interview process, and more.
Diversity, Equity, Inclusion & Equal Employment Opportunity at ADP: ADP affirms that inequality is detrimental to our associates, our clients, and the communities we serve. Our goal is to impact lasting change through our actions. Together, we unite for equality and equity. ADP is committed to equal employment opportunities regardless of any protected characteristic, including race, color, genetic information, creed, national origin, religion, sex, affectional or sexual orientation, gender identity or expression, lawful alien status, ancestry, age, marital status, or protected veteran status and will not discriminate against anyone on the basis of a disability. We support an inclusive workplace where associates excel based on personal merit, qualifications, experience, ability, and job performance.
Ethics at ADP: ADP has a long, proud history of conducting business with the highest ethical standards and full compliance with all applicable laws. We also expect our people to uphold our values with the highest level of integrity and behave in a manner that fosters an honest and respectful workplace. Click https://jobs.adp.com/life-at-adp/ to learn more about ADP's culture and our full set of values.

Date Posted

10/31/2022
