
Job Description

Senior Associate, Detection Engineer, Cyber Managed Services


Working within our Security Operations Centre as a Detection Engineer, the focus of this role is the implementation of security monitoring, detection and response technologies across Kroll’s client base. This involves developing, testing, and tuning security content across EDR and SIEM technologies.


Below are the roles and responsibilities for the Senior Associate, Detection Engineer role based in India:


Day to day responsibilities


  • Develop, test and tune detections (aka use cases, rules) for the latest threats using leading SIEM and EDR technologies.
  • Identify false positives/negatives and tune detections to increase fidelity.
  • Understand the threat landscape including new/emerging threats.
  • Develop, test and tune parsers to normalise raw logs.
  • Handle requests for new detections, determine the security value of those requests and clearly explain your decision to stakeholders.
  • Be an SME on audit logging and recommend configurations to customers.
  • Improve the computational efficiency of existing content.
  • Work with customers to build effective whitelists and blacklists.
  • Understand and master data sources across a variety of categories including Windows, Linux, Active Directory, Privileged Access Management, Intrusion Detection/Prevention, Firewalls, Anti-Virus, Endpoint Detection & Response, Cloud Access Security Broking, Network Access Control, Application Control and Productivity Apps.
  • Collaborate with key stakeholders across the SOC, Threat Intelligence, Offensive Security, Sales Engineering, Engineering, Project, Product and Sales Teams.
  • Create scalable processes through automation.
  • Document designs and processes.

Essential Traits


  • Experienced professional with 4 to 8 years of relevant experience.
  • Strong organisational skills and an ability to appropriately prioritise tasks.
  • Ability to relay complex technical subject matter to non-technical stakeholders.
  • Demonstrable analytical and technical aptitude with focus on identifying and alleviating the root cause of a problem.
  • Proven ability to thrive and respond to frequent demands from multiple constituents, both internal and external, in a high-demand, customer-centric environment.
  • SANS/GIAC certifications preferred.

Prerequisites


  • Familiar with prevailing threats and how to mitigate them using EDR or SIEM.
  • Understanding of Windows or Linux telemetry.
  • Experience writing or tuning detections for EDR or SIEM technologies.
  • Familiarity with the MITRE ATT&CK framework.
  • Understanding of security principles and practices.
  • Proficient with Regex.
  • Proven capability to learn and deliver to a high standard within deadlines.
  • Fluent in written and spoken English.

About Kroll


Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.


Kroll is committed to equal opportunity and diversity, and recruits people based on merit.


In order to be considered for a position, you must formally apply via careers.kroll.com.


#LI-SP1


#Naukri



Job Details

Job Location
India
Company Industry
Other Business Support Services
Company Type
Unspecified
Employment Type
Unspecified
Monthly Salary Range
Unspecified
Number of Vacancies
Unspecified