About Opportunity:
Global Cybersecurity (GCS) protects State Street and its clients from the impact of cyber-attacks against systems by understanding the risks these attacks present and mitigating them through a robust, continuously evolving, cybersecurity program and control environment.
Fusion & Security Operations (F&SO) is one of five functions that make up GCS. F&SO works to provide real-time knowledge of cyber threats of today collectively to better prepare State Street for threats of tomorrow.
This Cloud Detection Engineer I will sit in the Fusion Architecture & Detection Engineering sub-function in F&SO. This role is responsible for detecting possible cybersecurity attacks and compromises and sending cogent alerts for analysis by the security operations center. Other responsibility areas are listed below.
Responsibilities:
1. Draft and deliver detection use cases in the Splunk Processing Language (SPL); Kusto Query Language (KQL); Falcon Query Language (FQL) and other security query languages.
2. Draft and deliver Jira and Confluence pages about cloud detection use cases following prescribed business processes.
3. Investigate threat reports and request for detections to determine if a new detection use case is warranted.
4. Present production ready use cases to executive governing boards for review and approval.
5. Write detection oriented business cases, project plans, and reasoned explanations for decisions made about detections to support the execution of detection engineering projects.
6. Partners with technical and non-technical professionals to enhance detection functions, and to drive better protection and response.
Preferred Qualifications:
7. Highly diverse and relevant education and experiences, such as: ethical hacking, data analytics, law, military cyber operations, penetration testing, cyber defense, and cyber transformation program management.
8. Broad knowledge of cyber security software, business processes, organizational structure, and challenges.
9. Software development and scripting experience using RegEx, PERL, Python, or Powershell.
10. Ability to create polished presentations in PowerPoint, PowerBI, or other data visualization tools.
11. Experience at a large, multi-national financial services firm.
12. Experience at a large, multi-national technology consulting firm.
Required Qualifications:
13. One year of experience in cybersecurity detection engineering gained through a Bachelor’s (BSc) in STEM; or through employment or volunteering.
14. Amazon Web Service (AWS) Solutions Architecture Associate, or Oracle Cloud Infrastructure (OCI) Architecture Associate, Certification.
15. Knowledge of Oracle Cloud Infrastructure (OCI).
16. Ability to code detection use cases using SPL, KQL, or FQL.
17. Ability to use Splunk for detection engineering.
18. Ability to perform data manipulation, analysis, and reporting using Python, r, or similar analytics language.
19. Ability to use Structured Query Language (SQL).
20. Knowledge of the cyber global threat landscape; cyber adversaries; cyber tactics, techniques, and procedures (TTPs); cyber threat intelligence sources and methods; and malware.
21. Knowledge of infrastructure and application telemetry.
22. Ability to use Jira and Confluence to develop, document, collaborate, and release use cases into production environments.
23. Ability to write polished descriptive and persuasive business documents.
24. Ability to craft reasoned explanations for decisions that can withstand audit scrutiny.