
Verizon Principal - Threat Intel in Basking Ridge, New Jersey

When you join Verizon

You want more out of a career. A place to share your ideas freely - even if they're daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love - driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together - lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.

What you'll be doing...

The Threat Library team is a highly experienced, global team of threat detection engineers supporting multiple products in the Verizon Business Group Security Solutions portfolio. The team has a combined experience of more than 50 years in large-scale incident analysis and detection engineering across a vast collection of technologies. The core responsibility of the team is to provide actionable threat detection content on multiple SIEM platforms in order to protect our global customer base. The team works closely with operational teams such as our SOC Analysts and Client Security Engineers, but also Product Engineering and Development teams in order to continuously improve the service we collectively provide to our customers. The Threat Library team, through Verizon, is a research partner of the MITRE Engenuity Center for Threat-Informed Defense (CTID) and has contributed to multiple research projects which have been released to the public.

Verizon is hiring a Principal Detection Engineer (Principal-Threat Intel) to join the Threat Library team. In this position, you will be an expert in the threat detection engineering / security analytics and security intelligence domain.

  • Research, develop, test, document and implement global threat detection content across one or more SIEM platforms and any tuning required post-implementation as prioritized based on emerging threats/TTPs, MITRE ATT&CK coverage, strategic planning or requests from other teams.

  • Validate and curate existing content periodically.

  • Support escalations in the context of threat detection.

  • Technically enable stakeholder teams strategically in the context of threat detection and SIEM expertise through research/detection briefs, internal workshops, process documentation or reporting.

  • Produce & present clear and actionable reports to the team, stakeholders and management around threat detection efficacy and gaps.

  • Contribute to the team's Jira backlog.

  • Contribute to the team's strategic direction with regards to prioritization and planning.

  • Act as a spokesperson for the team in-region and educate stakeholders on Threat Library.

  • Collaborate with stakeholder teams and lead joint tracks and recurring meetings.

  • Challenge the way we work every day, constantly looking to improve processes, tooling and the product we deliver.

  • Rigorously file bugs and feature requests to safeguard our high quality standards and drive innovation.

  • Work with platform vendors where required.

  • Support peers by conducting peer reviews or providing input upon their request.

  • Mentor/guide junior team members.

What we're looking for...

You'll need to have:
  • Bachelor's degree or four or more years of work experience.

  • Six or more years of relevant work experience.

  • Relevant work experience with SIEM platform(s) (Splunk / QRadar / Microsoft Sentinel / Elastic / SumoLogic / ...), Intrusion Detection/Prevention or Endpoint Detection & Response.

  • Detection Engineering work experience.

  • Demonstrated experience of development, testing and tuning threat detection content on at least one SIEM platform.

  • Experience with search query languages such as SPL (Splunk), KQL (Microsoft), KQL/Lucene (Elastic).

  • Excellent knowledge of the current threat landscape.

  • Knowledge of modern analytical techniques and concepts for use in threat detection content.

  • Knowledge of cyber threat intelligence and leveraging it to produce actionable detections.

  • Deep familiarity with the MITRE ATT&CK framework.

  • Good understanding of general SIEM engineering and key concepts (parsing, enrichment, normalization).

  • Demonstrated experience in at least 2 of the following domains relevant to security and telemetry used for detection content: Windows and Active Directory (AD); Endpoint Detection & Response (EDR); Amazon Web Services (AWS); Microsoft Azure/O365; Google Cloud Platform (GCP); Operational Technology (OT) - Industrial Control Systems (ICS), SCADA, PLC; Internet of Things (IoT).

  • Working knowledge of major protocols in the OSI Model (TCP/IP, DNS, HTTP, SMTP, ...) and how they're used (and abused by threat actors) today.

  • Working knowledge of security architecture.

  • Willingness to travel.

Even better if you have one or more of the following:
  • Excellent problem-solving skills.

  • SANS GIAC (GCIA, GCIH, GREM, GCFA, GPEN, GCPN, GXPN, GMON, GCDA, GCTI, GRID, GDAT) or similar technical security certification(s).

  • Strong analytical, communication, documentation and collaboration skills.

  • Strong passion for understanding cyber trends, TTPs, emerging threats and how to produce actionable and effective detection rules / content.

  • Ability to lead projects, tracks, tasks and perform well under pressure.

  • Previous experience as a SOC/CERT/CSIRT analyst.

  • Previous experience in incident response / digital forensics.

  • Experience managing threat detection in an MSSP/multi-tenant environment.

  • Experience with version control systems or Continuous Integration and Continuous Delivery (CI/CD).

  • Experience in threat modeling.

  • Contribution(s) made to community-driven detection repositories (e.g. Sigma).

  • Published research articles or presented at security conferences.

  • Experience in malware reverse engineering.

  • Experience in cyber threat intelligence, threat actor tracking.

  • Experience in threat hunting across a wide array of telemetry sources.

  • Experience in penetration testing/red or purple teaming.

  • Knowledge of big data analytics: supervised/unsupervised machine learning, neural networks, deep learning, streaming & batch analytics.

  • Knowledge of modern operating systems, their architectures and exploitation techniques: Windows, Linux/Unix, OS X.

  • Leadership, mentoring and training skills for junior team members to help advance overall capabilities of the team.

  • Experience in scripting / Jupyter notebooks (Python).

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don't meet every "even better" qualification listed above.

This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager.

Where you'll be working
In this hybrid role, you'll have a defined work location that includes work from home and a minimum eight assigned office days per month that will be set by your manager.

Scheduled Weekly Hours: 40

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
