Threat Detection & Response Architect
Plano, Texas, United States of America
Senior Threat Detection Architect
Trellix is seeking experienced incident response and SOC professionals to help us take the detection and automated response capabilities of our XDR solution to the next level. In the role of Threat Detection and Response Architect you will leverage your IR and SOC experience to define, prioritize, and deliver threat detection and response workflows in the Trellix XDR platform.
Due to the breadth of our native portfolio (DLP, Email, Endpoint AV, EDR, Network, Sandbox, and SIEM) and the 600+ third-party integrations supported by our XDR platform, candidates must have experience responding to threats that span every attack surface of an enterprise environment. Candidates should be visionary in their detection goals while leveraging their experience operating in enterprise environments to deliver practical solutions that maximize value to our customers.
The key responsibilities of this role include:
- Identify threat detection use cases that will deliver extended detection through the correlation of alerts and events produced by our native products and the 600+ integrations supported by our SIEM platform
- Prioritize the correlated threat detection that will deliver the most value to our customers and drive alignment with internal stakeholders (product management, sales engineering, product research, etc.)
- Coordinate threat emulation exercises to validate the feasibility of threat detection use cases; identify product/platform improvements where needed
- Collaborate with product architects, engineers, and threat content developers to communicate requirements for satisfying threat detection use cases
- Define the conditions under which automated investigations should be triggered, the data sources to ingest and process, and how the data should be processed to drive threat contextualization and prioritization
- Define the automated response actions that should be available to the SOC based on the threat profile, the threat severity, and risk tolerance of the organization
- Continuously evaluate if the threats presented in our platform provide the SOC sufficient context, accurate prioritization, and appropriate response actions
- Evaluate industry frameworks and standards for internal adoption to standardize how our teams and systems exchange detection and response workflows
Qualifications for this role include:
- 7+ years of Security Operations Center or Incident Response experience
- 5+ years of experience writing and tuning security detection and prevention rules
- Experience using EDR and SIEM solutions to detect and analyze threat activity
- Experience using SOAR tools to build playbooks that reduce alert fatigue, improve alert efficacy, augment investigative workflows, and implement remediation actions
- Experience conducting malware analysis, host and network forensics, log analysis, and triage in support of incident response
- A strong understanding of how to investigate threats that span on-prem and cloud environments
- Experience applying cyber threat intelligence to signals provided by security tools to make alerts more actionable
- Experience evaluating the impact of threats to enterprise assets (users, hosts, cloud workloads, etc.) and using this risk assessment to drive prioritization of analysis and remediation efforts
- Experience with industry-wide frameworks and standards like MITRE ATT&CK, STIX, and SIGMA
- Experience with log management platforms such as Splunk and the Elastic Stack (Elasticsearch, Logstash, Kibana – ELK)
- Strong knowledge of Windows, Linux, and macOS operating systems
- Strong knowledge of network and security protocols
- Experience working effectively across a geographically dispersed organization
- Ability to explain detection priorities to those without a technical background
- Experience with the Trellix product portfolio including MVISION EDR, Helix, ENS, NSP and NX
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Pension and Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.