Detection Engineer - AVP

at State Street Corporation

Kilkenny, County Kilkenny, Ireland

Start Date: Immediate
Expiry Date: 25 Jan, 2025
Salary: Not Specified
Posted On: 26 Oct, 2024
Experience: 1 year(s) or above
Skills: Perl, Jira, Cyber Defense, FQL, Volunteering, SPL, STEM, OCI, Python, Software Development, R, Ethical Hacking, Confluence, Penetration Testing, PowerShell, Cyber Operations, Organizational Structure, Program Management, AWS, Data Manipulation, Data Analytics, PowerPoint
Telecommute: No
Sponsor Visa: No

Description:

Detection Engineer - AVP
About Opportunity: Global Cybersecurity (GCS) protects State Street and its clients from the impact of cyber-attacks against systems by understanding the risks these attacks present and mitigating them through a robust, continuously evolving, cybersecurity program and control environment.
Fusion & Security Operations (F&SO) is one of five functions that make up GCS. F&SO works collectively to provide real-time knowledge of today's cyber threats to better prepare State Street for the threats of tomorrow.
This Cloud Detection Engineer I will sit in the Fusion Architecture & Detection Engineering sub-function in F&SO. This role is responsible for detecting possible cybersecurity attacks and compromises and sending cogent alerts for analysis by the security operations center. Other responsibility areas are listed below.

Responsibilities:

  • Draft and deliver detection use cases in the Splunk Processing Language (SPL); Kusto Query Language (KQL); Falcon Query Language (FQL) and other security query languages.
  • Draft and deliver Jira and Confluence pages about cloud detection use cases following prescribed business processes.
  • Investigate threat reports and requests for detections to determine if a new detection use case is warranted.
  • Present production-ready use cases to executive governing boards for review and approval.
  • Write detection-oriented business cases, project plans, and reasoned explanations for decisions made about detections to support the execution of detection engineering projects.
  • Partner with technical and non-technical professionals to enhance detection functions, and to drive better protection and response.

Preferred Qualifications:

  • Highly diverse and relevant education and experiences, such as: ethical hacking, data analytics, law, military cyber operations, penetration testing, cyber defense, and cyber transformation program management.
  • Broad knowledge of cyber security software, business processes, organizational structure, and challenges.
  • Software development and scripting experience using RegEx, Perl, Python, or PowerShell.
  • Ability to create polished presentations in PowerPoint, Power BI, or other data visualization tools.
  • Experience at a large, multi-national financial services firm.
  • Experience at a large, multi-national technology consulting firm.

Required Qualifications:

  • One year of experience in cybersecurity detection engineering gained through a Bachelor’s (BSc) in STEM; or through employment or volunteering.
  • Amazon Web Services (AWS) Solutions Architecture Associate, or Oracle Cloud Infrastructure (OCI) Architecture Associate, Certification.
  • Knowledge of Oracle Cloud Infrastructure (OCI).
  • Ability to code detection use cases using SPL, KQL, or FQL.
  • Ability to use Splunk for detection engineering.
  • Ability to perform data manipulation, analysis, and reporting using Python, R, or a similar analytics language.
  • Ability to use Structured Query Language (SQL).
  • Knowledge of the cyber global threat landscape; cyber adversaries; cyber tactics, techniques, and procedures (TTPs); cyber threat intelligence sources and methods; and malware.
  • Knowledge of infrastructure and application telemetry.
  • Ability to use Jira and Confluence to develop, document, collaborate, and release use cases into production environments.
  • Ability to write polished descriptive and persuasive business documents.
  • Ability to craft reasoned explanations for decisions that can withstand audit scrutiny.

Job ID R-757724

REQUIREMENT SUMMARY

Min: 1.0, Max: 6.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Kilkenny, County Kilkenny, Ireland