TDR Lead

Job Description

Senior Threat Detection and Response Engineer / Lead

About Our Organisation

Founded in 2018, our organisation specialises in providing offensive and defensive cybersecurity services for public cloud environments. Our service offerings include penetration testing, red/purple teaming, 24/7 managed security services, PCI DSS QSA assessments, and incident response.

We are an AWS Advanced Tier Services partner and one of only three companies in Australia to have achieved the AWS Level 1 Managed Security Services Provider competency. AWS has recently recognised our rapid growth, naming us as one of the four partners of the year in Australia and New Zealand alongside Crowdstrike, Mantel Group, and PredictHQ.

Our Values

• Customers are our compass: Our customers drive our decision-making processes. We are dedicated to our mission of protecting them and work backwards from that.
• We get things done: When we work on something we own it. We love solving difficult challenges and we never make excuses. We know time is valuable and we dont waste it.
• We are constantly learning: Our team is passionate about what we do and are hungry for knowledge. It excites us that the work we do lets us learn more every day.
• We are creators: There is always a better way and we are obsessed with continually improving how we do things. Invention is in our DNA and we are all about rewriting the rules.
• We take pride in our work: If a jobs worth doing, its worth doing well. We pay attention to detail, deliver quality, and encourage each other to be the best at what we do.

Why Join Us

Heres why passionate cyber professionals choose to work with us:

• We make a real difference: The work we do directly protects the global community from cybercriminals, making the digital world a safer place.
• We are at the forefront of innovation: Our customers are some of the brightest stars in technology, and we work closely with them to secure their cloud-native platforms.
• We are shaping the future of threat detection: We are crafting a cloud-native threat detection service that changes the way modern application environments are protected.
• We unlock potential with continuous learning: We invest in career growth with training programs, attendance at security conferences, and mentorship from cloud security experts.
• We are a collaborative fast-paced team: Our team is made up of experts in the industry who share a passion for cybersecurity and building innovative technology.

The Role

We are looking for a technical lead to join our fast-growing Threat Detection and Response (TDR) team and help us forge a next-generation cloud-native managed security service. This role would suit someone currently in a senior security operations or DevOps role that is looking to take the next step in their career and become an expert in cloud security.

Our philosophy is that solid defense requires intimate knowledge of offensive tactics. Our managed security service leverages our penetration testing and red team expertise to ensure our TDR team is across current cyber-attack techniques. This, combined with our cloud-native tooling and deep understanding of AWS services, allows us to deliver best-in-class protection for AWS customer environments.

The successful candidate will work closely with our experienced offensive security and incident response teams to understand the latest TTPs used in real-world breaches. That knowledge will be used to continually improve our next-generation threat detection service and protect our customers from cyber-attacks. Our customers include start-ups, scale-ups, enterprises, and state/federal government agencies, giving this role exposure to a range of technologies and industry sectors.

Your Responsibilities

Our in-house SIEM platform, built on Amazon Security Lake, ingests telemetry from AWS services, endpoint security products, and third-party SaaS vendors. You will be working with our team to continuously improve the detection and investigation capabilities of the platform. You will use findings from our offensive team engagements and MITRE ATT&CK® Matrices to detect the latest threat IOCs and TTPs used by highly skilled adversaries.

You will be responding to alerts generated by our SIEM platform and investigating complex attack chains to ensure breaches are rapidly discovered and contained. Using penetration testing techniques, you will also validate any security exposures detected by our Attack Surface Management (ASM) platform and review the security of new customer assets identified by the platform discovery engine.

Your Typical Day

This is not a typical SOC role where you wait for SIEM alerts to come through, you will be constantly applying your current skillset across different areas and learning new skills every day. A typical day will include enhancing the capabilities of our TDR service, using exploit POCs to validate real cyber threats, and giving security advice to customers in shared slack channels.

Your daily activities will include the following:

• Investigating and responding to potential cyber threats:
• Ownership through to resolution of alerts generated by our SIEM and ASM platforms.
• Liaising with customers to provide updates on alert investigation status.
• Escalating to our offensive security team for validation of complex exposures.
• Closing alerts with investigation outcomes once appropriate action has been taken.
• Review of new assets discovered by our ASM platform and assessing exposure risk.
• Developing high-signal threat detection rules:
• Tuning existing rules to reduce false positive rates.
• Developing new rules to search and alert on threat activity.
• Engaging our offensive security team for rule testing.
• Building a best-in-class cloud TDR solution:
• Updating event ingestion pipelines to enrich data for threat detection rules.
• Monitoring CloudWatch metrics and modifying AWS service configurations as required.
• Reviewing OpenSearch metrics and modifying index configurations as required.
• Developing and maintaining runbooks that improve our threat detection processes.
• Automating routine tasks such as filtering low-priority alerts and sending notifications.

You will also be using your client-facing and engineering skills to work collaboratively with the broader team on projects and periodic reporting. These activities will include:

• Assistance with onboarding new clients to our TDR and ASM platforms.
• Integration of new log sources for existing TDR clients.
• Generation of reports for our managed service clients.
• Presentation of report content to our managed service clients.

Your Experience

You will need 7+ years experience in one or more of the following areas:

• Cyber security operations covering both endpoints and web applications.
• Full-stack web development using secure coding techniques.
• AWS DevOps/DevSecOps.

Your Skills

The following base technical skills are required for this role:

• Web Application Security: Ability to analyse HTTP requests and identify basic security issues; understanding of web application threats and attack vectors including:
• Reflected/Stored/DOM-Based XSS
• Server-Side Request Forgery
• Credential Stuffing
• Account Takeovers
• Endpoint Security: Understanding of endpoint cyber threats and attack vectors including:
• Adversary in the Middle
• Business Email Compromise
• Info-Stealing Malware
• Ransomware
• Network Protocols: Understanding of common internet protocols, including:
• TCP/IP
• HTTP
• DNS
• TLS
• Data Analysis: Ability to write advanced data queries using syntax such as SQL, DSL, KQL, or ES|QL; ability to extract relevant data in spreadsheets using formulas and functions.
• Linux Administration: Proficiency in Linux administration and use of core utilities; scripting for automation using Bash and Python.
• AWS Services: Configuration of basic AWS services via console and CLI, including:
• EC2 Instances
• Lambda Functions
• Security Groups
• IAM Permissions

Non-Technical Skills Required

• Clear communication of technical information to both technical and non-technical audiences.
• Problem-solving and critical thinking to approach problems from different angles and identify potential solutions.
• Ability to independently find information from internet resources and use that to solve complex problems.
• Strong organisational skills with the proven ability to meet deadlines in a fast-paced environment.
• Ability to make quick decisions under pressure, weighing risks and benefits to choose the best course of action.
• Ability to interpret data, identify patterns, and draw conclusions from complex information.