Senior Threat Detection & Response Architect

ID: JR0030289

US, Texas, Plano
Remote United States
US, Massachusetts, Boston

Job Title:

Senior Threat Detection & Response Architect

Role Overview:

Trellix is seeking experienced incident response and SOC professionals to help us take the detection and automated response capabilities of our XDR solution to the next level. In the role of Threat Detection and Response Architect you will leverage your IR and SOC experience to define, prioritize, and deliver threat detection and response workflows in the Trellix XDR platform.

Due to the breadth of our native portfolio (DLP, Email, Endpoint AV, EDR, Network, Sandbox, and SIEM) and the 600+ third-party integrations supported by our XDR platform, candidates must have experience responding to threats that span every attack surface of an enterprise environment. Candidates should be visionary in their detection goals while leveraging their experience operating in enterprise environments to deliver practical solutions that maximize value to our updated

The key responsibilities of this role include:

  • Identify threat detection use cases that will deliver extended detection through the correlation of alerts and events produced by our native products and the 600+ integrations supported by our SIEM platform
  • Prioritize the correlated threat detection that will deliver the most value to our customers and drive alignment with internal stakeholders (product management, sales engineering, product research, etc.)
  • Coordinate threat emulation exercises to validate the feasibility of threat detection use cases; identify product/platform improvements where needed
  • Collaborate with product architects, engineers, and threat content developers to communicate requirements for satisfying threat detection use cases
  • Define the conditions under which automated investigations should be triggered, the data sources to ingest and process, and how the data should be processed to drive threat contextualization and prioritization
  • Define the automated response actions that should be available to the SOC based on the threat profile, the threat severity, and risk tolerance of the organization
  • Continuously evaluate if the threats presented in our platform provide the SOC sufficient context, accurate prioritization, and appropriate response actions
  • Evaluate industry frameworks and standards for internal adoption to standardize how our teams and systems exchange detection and response workflows

Prior experience:

  • 7+ years of Security Operations Center or Incident Response experience
  • 5+ years of experience writing and tuning security detection and prevention rules
  • Experience using EDR and SIEM solutions to detect and analyze threat activity
  • Experience using SOAR tools to build playbooks that reduce alert fatigue, improve alert efficacy, augment investigative workflows, and implement remediation actions
  • Experience conducting malware analysis, host and network forensics, log analysis, and triage in support of incident response
  • A strong understanding of how to investigate threats that span on-prem and cloud environments
  • Experience applying cyber threat intelligence to signals provided by security tools to make alerts more actionable
  • Experience evaluating the impact of threats to enterprise assets (users, hosts, cloud workloads, etc.) and using this risk assessment to drive prioritization of analysis and remediation efforts
  • Experience with industry-wide frameworks and standards like MITRE ATT&CK, STIX, and SIGMA

Additional Qualifications

  • Experience with log management platforms such as Splunk and the Elastic Stack (Elasticsearch, Logstash, Kibana; also known as ELK)
  • Strong knowledge of Windows, Linux, and macOS operating systems
  • Strong knowledge of network and security protocols
  • Experience working effectively across a geographically dispersed organization
  • Ability to explain detection priorities to those without a technical background

Desired Experience

  • Experience with the Trellix product portfolio including MVISION EDR, Helix, ENS, NSP and NX

Company Benefits and Perks:

We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Pension and Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

We're serious about our commitment to diversity, which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation, or any other legally protected status.