What does a successful Threat Detection Engineer do at Fiserv?
You will help ensure that our Cybersecurity Incident Response team can quickly respond to alerts associated with credible threats to the Fiserv environment by writing correlated detection rules for complex cybersecurity use cases. This requires a strong understanding of adversarial techniques, the incorporation of intelligence data, and expert dashboard and report creation using Business Intelligence (custom or commercial) tools and Agile methodologies. In this position you will report to the Vice President, Threat Detection and Response.
What you will do:
- Research and develop adversarial techniques to develop behavioral detections with high fidelity and assist in testing developed detection content
- Manage and maintain the entire lifecycle of SIEM management (data selection, ingest, parsing, detection development) and SOAR (alert configuration/management, playbook/runbook development, automation) management
- Create standard metrics across different cybersecurity teams, as well as intelligence and operational dashboards using data science and BI tools
- Manage workflows using Agile methodology to properly scope and track progress on development initiatives
- Collaborate with Fiserv Threat Intelligence, Threat Hunters, Incident Responders, and Red Team members to evaluate and close gaps in detection coverage
- Stay current with threat intelligence, vulnerabilities, attacks, and countermeasures, dedicating time to threat research and enhancing our defensive posture
What you will need to have:
- 6+ years of Information Technology experience
- 2 years of SIEM/SOAR and cybersecurity operations and development experience with core cybersecurity technologies (EDR/AV, IDS/NDR, UEBA, DLP, WAF, Proxy) and cloud technologies (AWS, Azure, GCP)
- 2+ years development experience for detection development using standard SIEM syntax (Splunk, SIGMA/YARA-L, ELK, SQL), MITRE ATT&CK framework, development coverage, and coverage metrics
- 1+ years scripting/development experience with Python, SQL, PowerShell, bash, Ruby, Go, R, Rust, or similar tools
- 1+ year experience in areas of malware analysis/reversing, forensics, Incident Response, or Cyber Intelligence
- 1+ years’ experience in the creation and management of metrics and analytics using APIs, SQL, and Business Intelligence tools
- 1+ years’ experience in Agile methodologies and development tools like Azure DevOps, Jira, or Asana
- Bachelor’s degree in data science, Computer Science, Engineering, Mathematics or an equivalent combination of education, work, and/or military experience
What would be great to have:
- Certifications in Cloud technologies like AWS, Azure or GCP
- Other Industry certifications such as SANS GCIH, GSOC, GSOM, GCIA, GPEN, GMON, GCDA, GFACT
- Previous Fiserv experience in a similar role
R-10369951