Related skills: aws, python, siem, edr, cloudtrail
Description
- Design, implement, test, and tune detections across endpoint, identity, cloud, SaaS, and network.
- Build detection-as-code with version control, testing, peer review, docs, deployment.
- Improve SIEM and telemetry pipelines: log ingestion, parsing, enrichment, alerts, case workflows.
- Design and operate deception capabilities: canary tokens, decoy accounts, honey assets.
- Lead incident response investigations: triage, containment, remediation, post-incident findings.
- Collaborate with IT/infra/engineering/game teams to improve security visibility; governance ~20%.
Requirements
- 6+ years in security operations, detection engineering, incident response, or similar hands-on security.
- Strong experience tuning and validating detections in SIEM, EDR, cloud, identity, or SaaS.
- Hands-on experience with SIEM platforms and EDR tools (e.g., CrowdStrike Falcon) or equivalent.
- AWS security knowledge: IAM, CloudTrail, GuardDuty, VPC logs, S3.
- Scripting/automation: Python, Bash, PowerShell, SQL, or similar.
- Knowledge of audit evidence, control documentation, third-party reviews, policies, standards, and frameworks.
Benefits
- Exposure to audit/control documentation, third-party reviews, and policies; bonus: threat hunting, SOAR, deception.
- Support a diverse, inclusive environment that fosters growth and learning.