Introduction

As part of our detection engineering team in IBM Security, you will operate within a realm of constant change and be the vanguard in identifying and countering sophisticated threats. This role goes beyond the traditional boundaries of mere threat detection. It's about proactive threat hunting, in-depth analysis, and being one step ahead in the rapidly evolving cyber threat landscape. You will work with one of the world's best threat intelligence and incident response teams to understand the cyber threat adversaries and the approaches to investigate. You will build new detections for our SIEM and EDR products. Your insights and innovations will power IBM products to detect, triage, and respond to new threats to help our users to stay ahead of threats.

Your Role and Responsibilities

Responsibilities:

  • Collect, process, and contextualize existing detections from internal teams and 3rd-party sources
  • Leverage internal and external threat intelligence to create new detections of adversary TTPs
  • Continuously identify detection gaps using the MITRE ATT&CK framework
  • Measure detection efficacy to continuously improve detection
  • Adopt the "Detection-as-Code" approach in detection engineering
  • Work with data scientists and software engineers to create new enrichment modules or machine learning models
  • Analyze the telemetry from IBM security products to identify ways to improve their efficacy through new detection, enrichment, or response content

IESFT_24

Required Technical and Professional Expertise

  • Experience in designing new detections for EDR and SIEM platforms with a firm understanding of endpoint, network operations and how cyber actors exploit them.
  • Experience in building tests for detections including building red-team attacks
  • Experience with scripting and software development.
  • Experience with SIGMA, KQL, STIX, and other detection languages
  • Proficiency in various programming languages such as Python, C++, Java, or Ruby

Preferred Technical and Professional Expertise

  • Experience in reverse engineering of PE files
  • Active participation in the cybersecurity community
  • Innovative mindset with the drive to constantly think about ways to improve and build new capabilities to enhance our ability to detect, understand and respond to threats
  • Knowledge of security compliance standards such as HIPAA, PCI, FISMA, and GDPR

Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment every day, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth-minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide ongoing feedback to help other IBMers grow, as well as to collaborate with colleagues, keeping in mind a team-focused approach that includes different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions every day is essential to IBM becoming the catalyst for progress, always embracing challenges with the resources they have to hand, a can-do attitude and an outcome-focused approach within everything that they do.

Are you ready to be an IBMer?