Security Analytics Content Engineer (Remote in US) at Anomali – Atlanta, Georgia

Company Description: Headquartered in Silicon Valley, Anomali is the leading AI-powered Security Operations Platform that modernizes security operations. At its core is a ubiquitous, intelligent, and multilingual Anomali Copilot that automates critical tasks and empowers your team to deliver the risk insights they need to management and the board in seconds. The Anomali Copilot navigates a private, cloud-native security data lake that consolidates legacy visibility efforts and delivers market-first speed, scale, and performance while lowering the cost of security analytics. Anomali combines ETL, SIEM, XDR, SOAR, and the largest repository of global intelligence into a single, efficient platform. Protect and propel your business with greater productivity and talent retention. Do more with less. Be different. Be the Anomali. Learn more at http://www.anomali.com.
Job Description: As a Security Analytics Content Engineer, you will lead the design and production of content detection logic and rules used across Anomali’s various technologies. This role is responsible for supporting Anomali’s content detection efforts to become a leader in the Security Analytics Market. You will also be responsible for building, deploying, and testing all SIEM detection rules and logic.

Key Responsibilities
1. Threat Analysis and Detection: Analyze various forms of digital content, such as emails, web pages, and files, to detect potential security threats such as malware, phishing attacks, or malicious scripts.
2. Deep Dive into TTPs:
o Techniques Identification: Identify specific techniques used in the campaign, such as spear phishing, public application exploitation, or credential dumping.
o Tactics Correlation: Correlate these techniques to the tactics in the MITRE ATT&CK matrix, which are broad categories that describe the adversary’s objectives, such as “Initial Access,” “Execution,” “Persistence,” etc.
o Procedure Details: Describe the specific procedures or methodologies used for each technique. For example, if the technique is “spear phishing,” the procedure might involve sending emails with malicious attachments that are targeted to specific individuals.
o Behavior Mapping: Map the adversary’s behavior to known profiles in the MITRE ATT&CK framework.
3. Detection Rule Development: Design and develop detection rules and algorithms to automatically detect malicious content. This includes understanding the latest techniques in machine learning, pattern recognition, and data analysis.
4. Research and Stay Up-to-Date: Staying up-to-date on the latest malware trends, attack vectors, and detection technologies. This includes continuous learning and sometimes participating in cybersecurity research with Anomali’s Advanced Threat Research Group.
5. Testing Custom Detection Tools:
o Developing Custom Scripts/Tools: If applicable, testing custom-developed scripts or tools designed for malware detection.
o Machine Learning Models: Evaluating the effectiveness of machine learning models trained to detect malware.
Qualifications
A Content Detection Engineer typically specializes in identifying and mitigating security threats. This role involves analyzing threat actors, their campaigns, and creating detection rules and algorithms to detect and prevent such attacks. Additionally, the role may create content based on approved customer requests. The role is a mix of cybersecurity knowledge and content analysis skills.

Required Skills/Experience:
o Bachelor’s or Master’s degree (preferred) in Cybersecurity, Computer Science, Information Technology, or a related field. Additional experience and CISSP or relevant certifications will be considered in lieu of a degree.
o Proficiency in programming languages such as Python, Java, or C++.
o Proficiency in writing detection rules for malware and malicious campaigns.
o Ability to analyze and interpret logs and alerts from various security tools.
o Experience with machine learning and artificial intelligence, specifically in content recognition and classification.
o Knowledge of data analysis and data mining techniques.
o Experience with tools and techniques for detecting malware, phishing attempts, and other malicious content.
o Knowledge of network security and protocols, including experience with firewalls, intrusion detection systems, and encryption technologies.
o 3+ years of relevant experience in the cybersecurity space, with work relevant to the responsibilities of this position.
o Previous experience in content detection or a similar area.
o Hands-on experience with machine learning algorithms and tools.
o Experience developing and implementing content detection models and algorithms.
o Strong analytical and problem-solving skills.
o Attention to detail and accuracy.
o Ability to work independently and as part of a team.
o Good communication skills, as the role may involve collaborating with other teams and explaining complex concepts to non-technical stakeholders.
o Willingness to stay informed of the latest developments in technology, particularly in areas relevant to content detection.
o This position involves some travel as necessary, up to 20%.
o This position is not eligible for work visa sponsorship. The successful candidate must not now, or in the future, require sponsorship to work in the U.S.

Desired Skills/Experience:
o Specialized courses or certifications in data science, machine learning, or artificial intelligence may be helpful.
o Certifications in cybersecurity (such as CISSP, CISM, CEH) may be beneficial.
Equal Opportunity Monitoring
It is our policy to ensure that all eligible individuals have equal opportunities for employment and advancement based on their ability, qualifications, and aptitude. We select those qualified for appointment solely on the basis of merit, without regard to a person’s disability, race, color, religion, sex, sexual orientation, gender identity, national origin, age, or status as a protected veteran. Monitoring is conducted to ensure that our equal opportunity policy is being effectively implemented.
If you are interested in working with Anomali and require special assistance or accommodation to apply for a posted position, please contact our recruiting team at [email protected].