Detection Response, Security Engineer II, Threat Detection

Full Time
11 months ago

About Us:

HashiCorp is a fast-growing organization that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software. 

About this team: 

We're looking for talented Incident Responders to join our Threat Detection and Response Team (TDR). This team will help defend HashiCorp through strategic detection, response, and prevention patterns across all of our products and the enterprise. This person will be responsible for incident response from start to finish coordinating across multiple teams of varying technical ability. 

In this role, you will:

As a member of our TDR team, you’ll have an eye on the threat landscape, staying ahead of emerging threats that may target our company. You will perform research to understand our technological footprint, the potential pathways attackers could traverse to compromise our systems, and develop detection strategies to ensure we quickly identify malicious activity. Tooling and automation will be key to success as we scale our environments to meet customer demand. Lastly, we can’t detect what we cant see, so driving visibility improvements across the company will be key to ensuring the TDR team is always equipped with the necessary data to protect HashiCorp.

Engineering at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy while collaborating asynchronously within and across teams.

HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.

QUALIFICATIONS:

  • 2+ years in a role performing Threat Detection, Incident Response, Threat Intelligence, or Abuse Mitigation 
  • Understand how to develop rules utilizing hypothesis driven detection research leveraging tools such as: 
    • Python
    • Athena, SQL, Presto etc..
    • Threat Intelligence Services and OSINT
  • Ability to breakdown complex detection logic, and to explain to others how the detection works, the theory behind it, and also what to do when the alert is triggered
  • Familiarity with MITRE ATT&CK and researching emerging threats
  • Experience with SIEMs and log analysis 
  • Understanding of different types of detection engines and knowing the right tool to leverage at the right time
  • Understanding of what logs are available and useful for:
    • Linux (Production Workloads), Mac, Windows
    • AWS, GCP, and Azure
  • Working knowledge of Operating System security

DESIRED:

  • Cloud Workload Forensics - Memory and Storage collection and analysis 
  • Understanding of legal holds, chain of custody and other fun IR activities to protect HashiCorp 
  • Experience with log ingestion and SIEM content management 
The base pay range for this role is:$134,300—$158,000 CAD

Colorado, California, Washington, New York, and British Columbia Applicants: To view base salary ranges for this role in your location and to learn more about which roles are eligible for bonus pay or commissions, please visit our Intern Ranges below. Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training. Information on our benefits can be found via the link below. 

  • Benefits: https://www.hashicorp.com/careers/benefits
  • Intern Ranges: https://bit.ly/3H2soha