Detection Engineer - Cyber Security

Trinity Cyber is a leading developer and provider of advanced cybersecurity technologies and services.  Our breakthrough core technology can deeply, quickly, and precisely interrogate and transform Internet sessions, creating a family of products and services.  As a secure edge, our system automatically identifies, neutralizes and transforms malicious Internet traffic in line and at line speed with granularity and precision beyond other cybersecurity technologies.  As an API-driven file inspection platform, it delivers sub-second conviction results and metadata to third-party providers like email security and packet capture vendors.  It can also deliver rapid file context and content to cybersecurity analysts.  Our customers and go-to-market partners are growing and span multiple industries.

Are you tired of looking at an endless queue of Splunk alerts?  As a Trinity Cyber detection engineer, you will have the power to stop and modify threats instead of watching them pass by.  With the power to change digital reality at your fingertips, you will deconstruct modern-day adversarial threats and thwart them.  You will work with other detection engineers and alongside skilled threat intelligence, triage, and discovery teams to take real action.  If this sounds like your passion, then stop hitting the query button and start making an impact with our team.

THIS JOB CAN BE PERFORMED REMOTELY.

Threat Analysis

  • Inspect network traffic using Wireshark and similar software.
  • Analyze threats within common protocols (TCP, UDP, DNS, TLS, HTTP/S, SMB, etc.).
  • Triage malware through static analysis or sandboxing.
  • Leverage open source data to research and understand threats.
  • Query intelligence platforms and malware repositories to guide detection and mitigation efforts.
  • Collaborate on threat research efforts within a ticketing system.

Detection Engineering

  • Develop regular expressions to detect threats.
  • Create YARA rules to hunt for malware.
  • Eliminate or alter threats with proprietary technology.
  • Test and improve signature logic to ensure accurate detections.
  • Collaborate with peers to review signatures.
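
As an added illustration of the regex and signature-testing work listed above (example code written for this page, not Trinity Cyber's technology or rules), the following Python compares a naive directory-traversal regex with a hardened version that normalizes percent-encoding before matching, and scores both against a labelled set of HTTP request lines. The request lines, detector names and scoring helper are all constructed for the example; the point is the review step, which shows where the first-cut signature misses encoded variants and confirms the hardened one does not fire on a benign name containing "..".

```python
import re
from urllib.parse import unquote

# Constructed HTTP request lines for the example (not captured traffic).
# Each entry is (request line, is_malicious).
SAMPLES = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /images/logo.png HTTP/1.1", False),
    ("GET /../../etc/passwd HTTP/1.1", True),
    ("GET /static/..%2f..%2fetc/passwd HTTP/1.1", True),
    ("GET /files?name=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1", True),
    ("GET /docs/release..notes.txt HTTP/1.1", False),  # ".." inside a file name
    ("GET /a/%252e%252e/etc/passwd HTTP/1.1", True),   # double-encoded traversal
]

# First-cut signature: a literal "../" anywhere in the raw request line.
NAIVE_RE = re.compile(r"\.\./")

# Hardened signature: a ".." path segment, applied after normalization.
# The segment must follow start-of-string or a path/query delimiter,
# so "release..notes.txt" does not fire.
SEGMENT_RE = re.compile(r"(?:^|[/?=&])\.\.(?:/|$)")


def request_path(line):
    """Return the request-target of an HTTP request line ("GET /x HTTP/1.1")."""
    parts = line.split()
    return parts[1] if len(parts) >= 2 else line


def normalize(path, rounds=2):
    """Percent-decode up to `rounds` times (stopping early once stable) and
    fold backslashes to forward slashes, so encoded variants of the same
    traversal collapse to one canonical form before the regex runs."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def naive_match(line):
    return bool(NAIVE_RE.search(line))


def hardened_match(line):
    return bool(SEGMENT_RE.search(normalize(request_path(line))))


def evaluate(detector, samples):
    """Score a detector against labelled samples: true/false positives and
    negatives. This is the check a peer review of a signature should run."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for line, malicious in samples:
        hit = detector(line)
        if malicious:
            counts["tp" if hit else "fn"] += 1
        else:
            counts["fp" if hit else "tn"] += 1
    return counts


if __name__ == "__main__":
    for name, det in (("naive", naive_match), ("hardened", hardened_match)):
        print(f"{name:9s} {evaluate(det, SAMPLES)}")
```

Run stand-alone, the script shows the naive signature catching only the plain-text sample and missing all three encoded variants, while the hardened one catches every malicious line with no false positive. The benign `release..notes.txt` line is included deliberately: a signature that only looks for `..` would alert on it, which is exactly the kind of noise signature review exists to catch.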

Required Qualifications

  1. Knowledge of operating systems and network protocols.
  2. Experience writing regular expressions.
  3. Experience in network traffic analysis and at least one of the following domains:
     • Network Security
     • Incident Response
     • Red Team/Blue Team
     • Signature development
     • Malware Analysis
     • Application Security
  4. An advanced understanding of network detection technologies (IPS/IDS/NGFW).
  5. Ability to work and collaborate with a team remotely.
  6. Strong critical thinking and problem-solving skills.
  7. Skilled in troubleshooting technical issues.
  8. Ability to communicate technical information to a variety of audiences.
  9. A bachelor's degree in information technology or a related STEM field, or an equivalent amount of experience in an information technology career.
  10. Must possess the highest level of personal integrity, value team success over individual achievement, have the ability to contribute significantly to extending a culture of collaboration, and enjoy having fun.

Preferred Qualifications

  1. Industry certifications in network security or related areas, such as Security+, Network+, CEH, GREM, GCIH, GWAPT.
  2. Prior signature development experience.
  3. Experience mitigating common web application vulnerabilities.
  4. Expertise in analyzing common malware file formats (EXE, ELF, PDF, Office documents, etc.).
  5. Experience detecting and mitigating malware and exploitation attempts.
  6. Experience in reverse engineering.
  7. Familiarity with decoding and decrypting content.