DART, Lead Detection Engineer - Location Flexible
Role Description
The Detection and Response Team (DART) is looking for a Team Lead (non-manager), Detection Engineer with experience building and integrating detection infrastructure including log pipelines and enrichments, rule engines, and SIEM capabilities. You will be responsible for shaping the next generation of our detection platform, providing technical leadership, and keeping Dropbox worthy of trust!
We are a multi-disciplinary team with a wide variety of skills and responsibilities including Linux, macOS and Windows systems security, network security, and overall detection and response capabilities. We have many green field opportunities to apply your prior experience and vision to improve our Detection program!
Responsibilities
- Deliver the next generation of capabilities in our our detection program's SIEM tooling
- Provide Detection and Response oncall services related to security incidents and system faults
- Develop data-founded priorities for the detection programs efficacy, architecture, and scaleability
- Drive the adoption of logging frameworks within our partner teams
- Analyze data from disparate sources, correlating individual event logs into security events
- Improve detection workflows with automation and enrichments
- Write detection rules to identify threats specific to our environment
Minimum Qualifications
- 5+ years experience as a security engineer in related domains, including 2+ years with hands-on technical management experience
- Experience on-the-ground in operational teams or as a first responder to security incidents
- Experience improving operational teams capabilities/KPIs and enacting change across teams
- Knowledge of operating systems, file systems, or memory on macOS, Linux, Windows, or iOS/Android
- Coding or scripting proficiency in one or more languages
- Practical experience with attacker tactics, techniques and procedures
Preferred Qualifications
- Previous individual contributor responsibilities performing incident response, threat intelligence, or digital forensics
- Recent digital forensic experience including memory or live analysis of macOS, Linux, Windows, or iOS/Android systems
- Experience as an incident responder to existential threats to the business
- Experience and knowledge across multiple security domains, with strengths in two or more areas of detection engineering, digital forensics, incident response, threat intelligence, malware analysis
- Demonstrated engagement in the security community through talks, papers, or code
- Previous experience applying statistical and machine learning analysis in the detection domain