About the Opportunity:
Global Cybersecurity (GCS) protects State Street and its clients from the impact of cyber-attacks against systems by understanding the risks these attacks present and mitigating them through a robust, continuously evolving, cybersecurity program and control environment.
Fusion & Security Operations (F&SO) is one of five functions that make up GCS. F&SO works to provide real-time knowledge of cyber threats of today collectively to better prepare State Street for threats of tomorrow.
This Cloud Detection Engineer I will sit in the Fusion Architecture & Detection Engineering sub-function in F&SO. This role is responsible for detecting possible cybersecurity attacks and compromises and sending cogent alerts for analysis by the security operations center. Other responsibility areas are listed below.
Responsibilities:
- Draft and deliver detection use cases in the Splunk Processing Language (SPL), Kusto Query Language (KQL), Falcon Query Language (FQL), and other security query languages.
- Draft and deliver Jira and Confluence pages about cloud detection use cases following prescribed business processes.
- Investigate threat reports and requests for detections to determine whether a new detection use case is warranted.
- Present production-ready use cases to executive governing boards for review and approval.
- Write detection-oriented business cases, project plans, and reasoned explanations for decisions made about detections to support the execution of detection engineering projects.
- Partner with technical and non-technical professionals to enhance detection functions and to drive better protection and response.
Preferred Qualifications:
- Highly diverse and relevant education and experiences, such as: ethical hacking, data analytics, law, military cyber operations, penetration testing, cyber defense, and cyber transformation program management.
- Broad knowledge of cyber security software, business processes, organizational structure, and challenges.
- Software development and scripting experience using RegEx, Perl, Python, or PowerShell.
- Ability to create polished presentations in PowerPoint, Power BI, or other data visualization tools.
- Experience at a large, multi-national financial services firm.
- Experience at a large, multi-national technology consulting firm.
Required Qualifications:
- One year of experience in cybersecurity detection engineering, gained through a Bachelor's (BSc) degree in STEM, employment, or volunteering.
- Amazon Web Services (AWS) Solutions Architecture Associate or Oracle Cloud Infrastructure (OCI) Architecture Associate certification.
- Knowledge of Oracle Cloud Infrastructure (OCI).
- Ability to code detection use cases using SPL, KQL, or FQL.
- Ability to use Splunk for detection engineering.
- Ability to perform data manipulation, analysis, and reporting using Python, R, or a similar analytics language.
- Ability to use Structured Query Language (SQL).
- Knowledge of the cyber global threat landscape; cyber adversaries; cyber tactics, techniques, and procedures (TTPs); cyber threat intelligence sources and methods; and malware.
- Knowledge of infrastructure and application telemetry.
- Ability to use Jira and Confluence to develop, document, collaborate, and release use cases into production environments.
- Ability to write polished descriptive and persuasive business documents.
- Ability to craft reasoned explanations for decisions that can withstand audit scrutiny.