Principal Threat Detection Engineer
job description
Job Description
This position is part of AbbVie’s Information Security &
Risk Management (ISRM) team. We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.
This role is an advanced technical role focused on autonomously driving and maturing AbbVie’s threat detection and monitoring services. This role will serve as a technical subject matter expert on the cyber threat landscape, attacker tactics and techniques and serve as the lead on threat detection content development lifecycle. You will also coach junior team members, engage in advanced data analysis, and work closely with the Incident Response teams (primary customer).
This role can be remote anywhere in the U.S.
In this role, you’ll be responsible for:
· Developing and maintaining threat detection content informed by the threat landscape, including tracking emerging threats and our coverage and susceptibility to the underlying techniques.
· Understanding the threat landscape and coverage of related Tactics, Techniques, and Procedures (TTPs) by our technologies to understand where we need to fill gaps related to data, content, toolset etc.
· Collaborating with the Red Team to test novel attack techniques, public exploit proof-of-concepts for emerging threats, and the efficacy of our existing detections.
· Leading Purple Team exercises, including exercises conducted by external vendor.
· Reporting, developing, and tuning of detection content to address Purple Team findings.
· Reviewing detection content contributions from junior resources for accuracy and efficacy.
· Actively participating in major cybersecurity incidents to provide input based on subject matter expertise, detection, and data insights.
· Assisting with validating team member skills and contributing to career progression through coaching, training opportunities, and challenging team members to improve.
· Collaborating with specialists and analysts to actively contribute to risk reduction efforts, including but not limited to assessments and in-depth research and analysis of threats.
· Providing technical input into defensive toolset engineering, including content creation, tuning, expansion of defensive platforms, and implementation of new controls.
· Staying informed of modern defensive cybersecurity controls functionality and limitations, including the latest defensive technologies and techniques.
· Contributing to service improvements and expansion initiatives by providing input based on subject matter expertise and an advanced understanding of evolving threats.
Tools and skills you will use in this role:
· Identifying cybersecurity threats
· Data analytics, including event correlation and trend analysis.
· Industry leading security products including EDR, SIEM, SOAR, CSPM, vulnerability scanning, NGFW’s, internet proxies, zero trust.
· Incident analysis and general troubleshooting
· Industry leading ETL and data analytical tools
· SQL or similar query languages