Threat Detection Engineer

SUMMARY

The Threat Researcher is a self-starting and motivated analyst on Arete’s Cyber Threat Research team, primarily focused on countermeasure development, threat hunting and profiling, malware analysis, cyber threat research, and tracking known adversaries and emerging threats. The position contributes to the research and publication of threat insights, internal work products, as well as intelligence products to be used by Arete’s customers and stakeholders. A successful threat research and detection engineer thrives on learning the technical aspects of the tactics, techniques, and procedures leveraged by threat actors and finding solutions to challenging problems. You will play a critical role in developing and maintaining high-fidelity detections contributing to Arete’s MSS and DFIR services and collaborating with cross-functional teams to stay ahead of emerging threats. Work may occasionally include after-hours support.

ROLES & RESPONSIBILITIES

• Develop countermeasures, tools, and methods of detection used for threat hunting and incident response activities to detect, respond, and remediate cyber threats
• Performs threat hunting in Endpoint Detection & Response (EDR) telemetry data
• Conduct analysis of malware, threat actor Tactics, Techniques, and Procedures (TTPs), and attack chains to inform detection strategies
• Identifies cyber threats, trends, and new malware families and threat actor groups, researching various sources that include Arete’s case reports, DFIR & MDR SOC escalations, automated malware analysis sandbox submissions, raw and open-source intelligence
• Collaborate with Threat Intelligence, DFIR, MDR, and SOC teams to ensure detection coverage aligns with real-world threats
• Create compelling internal reports and presentations from analysis results
• Inform various business units within Arete about new threat actor TTPs
• Uncover adversary activity not detected by current detection mechanisms
• Identify intelligence and technology gaps
• Contribute to the development and enhancement of threat detection tools, technologies, and processes to improve automation, data analysis, intelligence sharing, and service offerings
• Conduct stakeholder briefings to communicate relevant findings
• Provide tactical research and analysis support for MDR, DFIR, and SOC business units
• Assist with creating detailed process documentation of analysis workflows to help maintain and update our Standard Operating Procedures for continuous process improvement
• Participate in weekend handler-on-duty rotations
• May perform other duties as assigned by management

SKILLS AND KNOWLEDGE

JOB REQUIREMENTS

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required by personnel so classified.

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter : Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

EQUAL EMPLOYMENT OPPORTUNITY

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.