Security Analytics Content Engineer (Us Remote)

Anomali, a world-renowned platform leader in Security Operations, supercharges SecOps by fusing Lightspeed Security Analytics, Industry-Leading Cyberthreat Intelligence (CTI), AI-based automated threat hunting, alert orchestration, automated threat detection and incident response (TDIR) blocking, community intelligence sharing, exposure management, and dark web protection. Transforming CISOs into superheroes and analysts into SOC terminators.

 

Anomali's Platform offers: "Match" Next-Gen SIEM, "Lens" AI Threat Hunter, "ThreatStream" TIP, Anomali Integrator, Anomali ISAC, Anomali Attack Surface Management, and Anomali Digital Risk Protection, infused with Anomali AI. 

 

Anomali bridges the gap between point solutions (EDR, NDR, SSE, RMM, CAASM, etc.) and replaces legacy SIEMs at 50% the cost, giving analysts easy-to-use tools that enable lightspeed detection & response. Anomali addresses the global shortage in cyber talent by empowering analysts to contain, eradicate, and block threats in seconds without complex SIEM queries, manual blocks, or long investigations. 

 

Anomali delivers as a proprietary platform and disruptor to the Security Analytics world.  Anomali can search billions of logs in seconds, correlating tens of millions of IoCs and IoAs across years of telemetry and logs often deleted or moved to cold storage.  At every point across the cyber kill chain, Anomali supercharges the SOC to detect, contain, and eradicate threats before organizational impact. 

As a Security Analytics Content Engineer, you will lead the design and production of content detection logic and rules used in Anomali's various technologies. This role is responsible for supporting Anomali's content detection efforts to become a leader in Security Analytics Market.  You will also be responsible for building ,deploying and testing all SIEM detection rules and logic .

 

 

1.      Threat Analysis and Detection: Analyzing various forms of digital content, such as emails, web pages, and files, to detect potential security threats like malware, phishing attacks, or harmful scripts.

 

2.      Deep Dive into TTPs:

Techniques Identification: Identify specific techniques used in the campaign, such as spear phishing, exploitation of public-facing applications, or credential dumping.

Tactics Correlation: Correlate these techniques with the tactics in the MITRE ATT&CK matrix, which are broad categories describing the objectives of the adversary, such as "Initial Access", "Execution", "Persistence", etc.

Procedures Detailing: Detail the specific procedures or methods used for each technique. For instance, if the technique is 'spear phishing', the procedure might involve sending emails with malicious attachments tailored to specific individuals

Behavior Mapping: Map the adversary's behavior to known profiles in the MITRE ATT&CK framework.

 

3.      Development of Detection Rules: Designing and developing detection rules and algorithms to automatically detect harmful content. This involves understanding the latest in machine learning, pattern recognition, and data analysis techniques.

 

4.      Research and Keeping Up-to-date: Staying informed about the latest malware trends, attack vectors, and detection technologies. This involves continuous learning and sometimes participating in cybersecurity research with Anomali's Advaced threat Research Group.

 

5.      Testing Custom Detection Tools:

Develop Custom Scripts/Tools: If applicable, test custom-developed scripts or tools designed for malware detection.

Machine Learning Models: Evaluate the effectiveness of any machine learning models that have been trained to detect malware.

A Content Detection Engineer typically specializes in identifying and mitigating security threats . This role involves analysing threat actors , their campaigns, and creating detection rules and algorithms to detect and prevent such attacks. The role is a blend of cybersecurity knowledge and content analysis skills.

o Bachelor's or Master's degree (preferred) in Cybersecurity, Computer Science, Information Technology, or a related field.

o Proficiency in programming languages such as Python, Java, or C++.

o Proficiency in writing detection rules for Malware and malicious campaigns. 

o Ability to analyze and interpret logs and alerts from various security tools.

o Experience with machine learning and artificial intelligence, especially in content recognition and classification.

o Familiarity with data analysis and data mining techniques.

o Experience with tools and techniques for detecting malware, phishing attempts, and other malicious content.

o Knowledge of network security and protocols, including experience with firewalls, intrusion detection systems, and encryption technologies.

o 3 to 5 years of relevant experience in the cyber security space, doing work relevant to the responsibilities of this position.

o Previous experience in content detection or a similar field.

o Hands-on experience with machine learning algorithms and tools.

o Experience in developing and implementing content detection models and algorithms.

o Strong analytical and problem-solving skills.

o Attention to detail and accuracy.

o Ability to work independently and as part of a team.

o Good communication skills, as the role may involve collaborating with other teams and explaining complex concepts to non-technical stakeholders.

o Willingness to stay updated with the latest developments in technology, particularly in areas relevant to content detection.

o This position will include some travel as needed, up to 20%

o This position is not eligible for employment visa sponsorship. The successful candidate must not now, or in the future, require sponsorship to work in the US.

o Specialized courses or certifications in data science, machine learning, or artificial intelligence can be beneficial.

o Certifications in cybersecurity (such as CISSP, CISM, CEH) can be advantageous.