The Senior Security Detection Engineer is crucial in overseeing DDoS tooling operations globally within the organization. This role focuses on enhancing threat detection for our customers and requires deep expertise in detection mechanisms and SIEM technologies. You will be at the forefront of developing innovative security detection use cases aimed at combating fraud and abuse across Cox Automotive products.

WHAT YOU'LL DO

Security Detection Engineering
• Collaborate with engineering teams across the company to ensure effective operational support for WAF, Bot Management, and DDoS protection.
• Lead attack simulation tests to ensure detection use cases successfully identify attack patterns in both on-premise and cloud systems.
• Create and enhance customer threat detection and automated threat remediation use cases utilizing SIEM and various contemporary technologies.
• Develop and improve internal security tooling designed to detect and respond to bespoke use cases.
• Work alongside Incident Response and Threat Intelligence teams to consistently elevate cybersecurity efforts in threat identification and response.
• Manage and enhance security monitoring tools for WAF, SIEM, DDoS protection, and other standard security technologies.
• Utilize threat intelligence and engage in threat hunting to discover compromised accounts and systems using EDR and other tools.
• Propose and review security plans and policies aimed at bolstering the organization's security posture.
• Maintain operational playbooks, diagrams, and documentation pertinent to security detection and response.
• Evaluate proposed security deployments to confirm adherence to security monitoring needs.
• Adapt to new security threats as necessary, addressing them in a proactive manner.
• Utilize MITRE ATT&CK and other frameworks to construct and validate detection use cases.
• Provide off-hour support for security administration, detection, and response activities as required.

Incident Response
• Collaborate with the Incident Response team to address customer security and fraud investigations.
• Conduct incident response and forensic activities in reaction to internal and external threats.
• Analyze compromised systems to identify the root causes of security incidents, recommending necessary remediation steps while employing advanced forensic tools to expedite investigations.
• Research emerging TTPs (tactics, techniques, and procedures) that adversaries use to exploit enterprise IT environments.
• Provide timely detection, identification, and alerting of potential attacks/intrusions and anomalous activities, differentiating between benign actions and security incidents.
• Correlate incident data to pinpoint vulnerabilities and suggest swift remediation strategies.
• Document and implement procedures for effective incident handling and response tasks.

Required Skills
• Proven ability to work collaboratively with internal IT teams and external MSSPs for security monitoring across WAF, DDoS protection, Email systems, DLP, AV, and Endpoint security technologies.
• Expertise in data analytics, security event correlation, triage, and analysis.
• Capability to apply security Threat Intelligence effectively in response to security events.
• Experienced in managing projects aimed at enhancing security monitoring and response capabilities.
• Strong understanding of Zero Trust security best practices.
• Robust background in security engineering and architecture to optimize security monitoring.
• Ability to effectively communicate security issues to management and stakeholders.
• Maintain security monitoring operational guidelines and standards.

WHO YOU ARE
• Holds a Bachelor's degree in Computer Science or a related field, or possesses an equivalent combination of relevant professional experience and education.
• Has 6+ years of experience in Security Engineering/Analysis.
• Experienced working in a Security Operations Center (SOC).
• Possesses expert knowledge in Web Security, DDoS protection, and data analytics.
• Skilled in developing SIEM/SOAR detection and automation use cases.
• Experience in cloud security for AWS, Azure, or GCP.
• Holds certifications such as GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA.
• Demonstrates experience in Information Security, Application Security, and Incident Response.
• Must be located within a commutable distance to our offices in Atlanta or New York.

Compensation: $128,000.00 - $213,500.00 per year

The Company values flexibility, allowing employees to manage their vacation days responsibly, alongside other paid leaves and wellness options. Join Cox Automotive to make a significant impact in transforming mobility.

Cox is an Equal Employment Opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to any characteristics protected by law.