Detection Engineer

Total Number of Openings

Detection Engineering Analysts are a part of Chevron’s Cyber Intelligence Center (CIC). The Detection Engineering Analyst role will primarily focus on developing custom cyber security threat content, which includes detection signatures across various cyber security platforms, creating risk base analytic rules to prioritizes threat alerting and threat detection analytics. The Detection Engineering team is focused on creating advanced detection capabilities to prevent pending cyber threats targeting Chevron.

The Detection Engineering Analyst is expected to have previous cyber security domain knowledge (cyber threat landscape, an understanding of reconnaissance, malware, phishing, lateral movement, and exfiltration), and hands-on experience analyzing network traffic or system logs, the ability to create detection signatures for both network and endpoints, and to create signatures based off anomalous traffic. Experience in both Splunk SPL and Microsoft Defender KQL is required, as Detection Engineering analysts will operate daily in both these applications.

The successful candidate will be expected to perform data analysis across network and endpoint security logs, translate newly identified threat actor tactics, techniques, and procedures (TTPs) into new threat detections and operate proficiently in Splunk and Defender. The candidate can expect to work in a high tempo environment at time to maintain the pace of the cyber security landscape.

Responsibilities for this position include but are not limited to:

·         Creating custom detection signatures in a variety of cyber security platforms such as Splunk and Microsoft Defender.

·         Working in an operational environment, closely with the Incident Response and Threat Intelligence team to create and modify detections as necessary.

·         Maintain awareness of current cyber security events, and threat actor tactics, techniques and procedures (TTPs).

Required Experience include:

·         The Detection Engineering Analyst is expected to have previous cyber security domain knowledge (cyber threat landscape, an understanding of reconnaissance, malware, phishing, lateral movement, and exfiltration).

·         The Detection Engineer Analyst will be expected to perform data analytics across network and endpoint security logs, translate newly identified threat actor tactics, techniques, and procedures (TTPs) from threat intelligence reporting into new threat detections. All candidates considered must have hands on experience in the previously mentioned skilled areas.

·         Demonstrate the ability to communicate and influence stakeholders across multiple teams and coordinate day to day operations with personnel.

Technical

Possess an understanding of the cyber security threat landscape (reconnaissance, exploitation, malware, phishing, lateral movement, and data exfiltration), the ability to analyzing threat actor tactics and techniques to create custom detection signatures.

Build Relationships

Demonstrate the ability to communicate and influence stakeholders across multiple teams and coordinate day to day operations with personnel.

Analytical

Ability to create advanced queries to analyze data from multiple data sources, develop custom detection content based off internal analysis and external intelligence reporting. Able to identify vulnerabilities and create content detections to reduce exposure.  

Grow Capabilities

Demonstrate the ability to drive the maturation of a growing team through people, process, and technology. Possesses the drive for continuous improvement in growing technical skills across multiple disciplines and technologies.

Chevron participates in E-Verify in certain locations as required by law.