Junior Detection Engineer

Blackpoint Cyber is the leading provider of world-class cybersecurity threat hunting, detection and remediation technology. Founded by former National Security Agency (NSA) cyber operations experts who applied their learnings to bring national security-grade technology solutions to commercial customers around the world, Blackpoint Cyber is in hyper-growth mode,  fueled by a recent $190m series C round. 

Why Blackpoint?   

Ready to give some hackers hell? On the Blackpoint Cyber Team, we win the unfair fight while helping others protect what’s most important to them. Simply put, our team takes out the adversaries before they see us coming. Join us today and help put the bad guys in their place for good.   

Blackpoint Cyber was built by former US Department of Defense and Intelligence security experts focused on stopping malicious tradecraft and safeguarding MSP operations. Our mission? Provide absolute and unified Managed Detection and Response services to organizations across the world.      

Company Culture   

On this team, we value high-quality execution, ownership, and strong morals. With us, principles are never tested, and we are proud to always do right by our customers. If you’re a driven professional with a passion for learning and contributing towards the best, then Blackpoint welcomes you. Our team is energetic and collaborative, maintaining a high-performance culture and enabling growth through overcoming challenges in the modern cyberthreat landscape.    

What You'll Do 

• Creation of detection logic and rules for new and emerging threats 

• Tune alerts to reduce false positives and ensure detection rules have no gaps in order to maximize the efficiency and accuracy of our best-in-class 24x7 Security Operation Center (SOC) environment 

• Collaborate with the team to identify common patterns and trends in customer environments 

• Help design and build visualizations for tracking observed trends in the SOC 

• Utilize test lab environments to research emerging techniques and make contributions to the internal and external knowledge development of threat operations 

• Assist the SOC team with responding to and mitigating active threats and attacks for our customers 

• Review and write detections based on activity caught and mitigated by the SOC. 

What You'll Bring 

• Two (2+) years of experience in an information security role. Progressive relevant training and/or certification may be substituted for one (1) year of the experience requirement 

• Experience working in a Security Operations Center (SOC), Threat Hunting, or Digital Forensics and Incident Response (DFIR), preferred 

• One (1+) years of experience with system tuning and/or engineering 

• Knowledge of data structures, algorithms, and analysis techniques 

• Experience in testing adversary tactics, techniques, and procedures (TTPs) along with creating Yara or Sigma rules for detection of these TTPs 

• Knowledge on assessing threat indicators in a Windows Environment (e.g. Malware/Malicious Anomalies/Abnormal network Activity/Root Level Compromise, Forensic Artifacts, etc.) 

• Experience with Elasticsearch and Kibana query languages or similar 

• Knowledge of attacker tools, including legitimate software abused for malicious purposes. 

• Familiarity with the relationships between parent and child processes, including their arguments and the ability to identify potential suspicious activities. 

• Ability to work shifts if required (night, weekends, and day) 

• Ability to troubleshoot and debug issues relating to data indexing and data availability 

• Excellent communication skills to effectively summarize and present findings and trends 

• Ability to work independently with strong problem-solving skills 

• Knowledge of code-signing certificates and how they can be utilized for malicious purposes. 

   

Bonus 

• Bachelor’s Degree in Computer Science, Engineering, or related technical discipline 

• Proficiency using Power BI data visualization software 

• CRTO, eCPTX, or other relevant certifications. 

• Network/System Administration experience 

• Deep forensic knowledge of Windows, Mac OS and/or Linux 

• Red Teaming or Penetration Testing experience. 

• Malware Analysis (Behavioral and/or Static analysis- IDA, Cuckoo Sandbox, x86/x64 Debugging) Pentesting/Red/Blue Team 

Blackpoint Cyber welcomes and encourages applications from qualified individuals of all races,  colors, religions, sex, sexual orientation, gender identity or expression, national origin, age, marital  status, or any other legally protected status. We are committed to equality of opportunity in all  aspects of employment.  For eligible employees in the US, Blackpoint offers competitive Health, Vision, Dental, and Life Insurance plans, a robust 401k plan, Discretionary Time Off, and other minor perks.