Cloud Detection Engineering Research Consultant at Dell Technologies – Hyderabad, India

Secureworks® (NASDAQ: SCWX), a global leader in cybersecurity, enables our customers and partners to outsmart and outmaneuver adversaries with greater precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of a cloud-native SaaS security platform and intelligence-driven security solutions informed by more than 20 years of threat intelligence and research, no other security platform is grounded in and informed by as much real-world experience. www.secureworks.com

We enjoy competitive compensation and benefits packages and reward and recognize our employees for exceptional results. A relentless focus on continuous learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized and rejuvenated, we win as a team.

Role Overview

The successful candidate must be a strong security leader with proven technical skills and experience investigating, hunting and responding to advanced threat actors in cloud environments. As a member of a highly trained security research team – The Counter Threat Unit (CTU™) – the individual will provide technical leadership on customer-facing projects, generate high-fidelity threat intelligence and contribute to the development of advanced technologies and processes to detect threat actors and improve protection for our Managed Security Services customers. They will also work closely with teammates and our Security and Risk Consulting delivery teams to provide subject matter expertise in support of Cyber-Security Incident Management (such as incident handling, breach management, forensics, electronic discovery, etc.).

The responsibilities of this role are as follows:

  • Developing countermeasures to detect or block threats using cloud technologies:
    • Discover new detection mechanisms
      • Transform new and emerging threat research into actionable detection measures. Use creative techniques to develop countermeasures and detection tools.
    • Cloud Countermeasures
      • Discover how a threat manifests in a cloud environment and explore how to detect that threat in cloud telemetry and environmental monitoring.
    • Network IDS/IPS Countermeasures
      • Analyze how a network threat transmits data over the network and investigate how to detect or block that threat using Snort or Suricata IDS/IPS rule creation.
  • Contribute to the development and delivery of competitive services, methodologies and results in the security market.
  • Work as a top expert in cloud technologies.
  • Serve as an internal expert for other departments, including marketing, product management, and the broader Counter Threat Unit research team.
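
The cloud countermeasures bullet above is the heart of the role: take a known attacker behaviour, work out how it shows up in cloud telemetry, and turn that into a detection. The block below is an added illustration of that workflow, not Secureworks or CTU code. It runs three simple CloudTrail-style detections (an access key minted for a different IAM user, tampering with a CloudTrail trail, and a burst of distinct read-only API calls from one principal) over constructed sample records. The record fields follow the CloudTrail JSON layout, but every value, principal name, IP address and the `eventSource` on the enumeration calls is invented for the example, and the thresholds are assumptions a real deployment would tune against its own baseline.

```python
"""Added example (not Secureworks/CTU code): cloud-telemetry detections over
constructed AWS CloudTrail-style records."""
from collections import defaultdict
from datetime import datetime, timedelta

ENUM_WINDOW = timedelta(minutes=5)   # assumed tuning values, not vendor defaults
ENUM_THRESHOLD = 10                  # distinct read-only APIs inside the window
READ_ONLY_PREFIXES = ("List", "Describe", "Get")
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _event(ts, source, name, user, ip="198.51.100.7", params=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": ts, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "requestParameters": params or {}}


# Discovery-style API names; eventSource is simplified to one placeholder here.
ENUM_APIS = ["ListBuckets", "ListUsers", "ListRoles", "DescribeInstances",
             "DescribeSecurityGroups", "GetCallerIdentity", "ListSecrets",
             "DescribeDBInstances", "ListFunctions", "GetAccountAuthorizationDetails",
             "ListAccessKeys", "DescribeVpcs"]

SAMPLE_EVENTS = [
    # alice rotates her own key (benign), then mints one for another user
    _event("2024-01-10T09:00:00Z", "iam.amazonaws.com", "CreateAccessKey", "alice",
           params={"userName": "alice"}),
    _event("2024-01-10T09:01:00Z", "iam.amazonaws.com", "CreateAccessKey", "alice",
           params={"userName": "deploy-admin"}),
    _event("2024-01-10T09:02:00Z", "cloudtrail.amazonaws.com", "StopLogging", "alice",
           params={"name": "org-trail"}),
] + [
    # twelve distinct discovery calls from alice inside one minute
    _event(f"2024-01-10T09:05:{5 * i:02d}Z", "example.amazonaws.com", api, "alice")
    for i, api in enumerate(ENUM_APIS)
] + [
    # a CI runner polling one API hourly: steady state, should not alert
    _event(f"2024-01-10T{9 + i:02d}:30:00Z", "ec2.amazonaws.com", "DescribeInstances",
           "ci-runner", ip="10.0.0.5")
    for i in range(3)
]


def _principal(event):
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def _when(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_cross_user_access_key(events):
    """CreateAccessKey where the caller mints a key for a different IAM user:
    persistence on, or expansion into, another principal."""
    findings = []
    for e in events:
        if e.get("eventSource") == "iam.amazonaws.com" and e.get("eventName") == "CreateAccessKey":
            target = e.get("requestParameters", {}).get("userName")
            caller = _principal(e)
            if target and target != caller:
                findings.append({"rule": "iam_cross_user_access_key", "principal": caller,
                                 "evidence": f"created access key for {target} "
                                             f"from {e.get('sourceIPAddress')}"})
    return findings


def detect_trail_tampering(events):
    """Stopping, deleting or reconfiguring a trail is defence evasion."""
    findings = []
    for e in events:
        if e.get("eventSource") == "cloudtrail.amazonaws.com" and e.get("eventName") in TRAIL_TAMPER_EVENTS:
            trail = e.get("requestParameters", {}).get("name")
            findings.append({"rule": "cloudtrail_tampering", "principal": _principal(e),
                             "evidence": f"{e['eventName']} on trail {trail}"})
    return findings


def detect_enumeration_burst(events, window=ENUM_WINDOW, threshold=ENUM_THRESHOLD):
    """Many distinct read-only APIs from one principal in a short sliding window
    looks like post-compromise discovery rather than an application's steady state."""
    by_principal = defaultdict(list)
    for e in events:
        if e.get("eventName", "").startswith(READ_ONLY_PREFIXES):
            by_principal[_principal(e)].append((_when(e), e["eventName"]))
    findings = []
    for principal, calls in by_principal.items():
        calls.sort()
        start = 0
        for end, (t, _) in enumerate(calls):
            while t - calls[start][0] > window:      # drop calls older than the window
                start += 1
            distinct = {name for _, name in calls[start:end + 1]}
            if len(distinct) >= threshold:
                findings.append({"rule": "api_enumeration_burst", "principal": principal,
                                 "evidence": f"{len(distinct)} distinct read-only APIs within {window}"})
                break                                  # one finding per principal
    return findings


def run_detections(events):
    return (detect_cross_user_access_key(events)
            + detect_trail_tampering(events)
            + detect_enumeration_burst(events))


if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(finding)
```

The three rules show the progression the bullet describes: a single-event signature (trail tampering), a single-event rule that needs two fields compared (cross-user key creation), and a behavioural rule that needs state across events (the sliding window). In production the window and threshold would be set from a baseline of each principal's normal call mix, and the benign `ci-runner` records are there to show that a busy but narrow service identity does not trip the burst rule.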

Requirements

  • Minimum 5 years of experience with public cloud and SaaS environments including AWS, Azure, Office 365 and GCP.
  • Data analysis and programming
    • Scripting in PowerShell, Bash and Python, plus basic programming skills.
    • Hands-on experience with popular Python data science packages such as NumPy, pandas and Matplotlib.
    • Knowledge of CI/CD pipelines, testing and automation.
  • Forensic analysis of collected evidence artifacts
    • Analysis of memory images of common operating systems.
    • Analysis of disk images that can contain different file systems (NTFS, FAT, EXT, HFS+…) and operating systems.
  • Network Traffic Analysis
    • Identify detectable characteristics of threatening network traffic.
    • Extensive analysis of traffic patterns to identify anomalies.
  • Event Log Analysis
    • Inspection of log data from commonly used operating systems and security infrastructure to identify threat activity and reconstruct an incident.
    • Analysis of log data from security infrastructure (firewalls, web proxies, etc.) to identify anomalous behavior patterns.

Education, experience and qualifications

Typically requires 8+ years of relevant experience in a professional role with a Bachelor’s degree; or 6+ years with a Master’s degree; or 3+ years with a PhD; or equivalent experience

GSEC, GCIA, GPEN, GWAPT, GCIH, OSCP, OSCE or equivalent certifications

Preferences

  • Analysis of security and infrastructure logs using modern data analysis strategies.
  • Research into specific threat groups and their tactics, techniques and procedures (TTPs).
  • Experience developing tools for malicious code analysis, network traffic analysis, and malicious code detection on endpoint systems is a big plus.
  • Research and analysis of vulnerabilities and exploits.
  • Strong knowledge of computer architecture and operating system concepts.
  • Experience with version control systems, issue tracking tools, and CI/CD systems.
  • Experience with deployment automation tools and techniques including Packer, Vagrant, Terraform, Ansible, AWS CloudFormation, and Azure Resource Manager.
  • In-depth knowledge of the components, principles, practices and procedures of information security.
  • In-depth knowledge of the concepts of Computer Network Exploitation (CNE) and Computer Network Defense (CND).
  • Ability to articulate and present findings clearly to a wider audience.

Secureworks is committed to the principle of equal employment opportunity for all employees and to providing a work environment free from discrimination and harassment to employees. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or registered partnership status, past or present military service, family medical history or genetic information, family or parental status or any other status protected by the laws or regulations in the locations where we operate. Secureworks does not tolerate discrimination or harassment based on any of these characteristics.
