Security Operations Engineer

• Hunt directly in customers' environments with proactive and reactive guidance.
• Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
• Work directly with customers at all levels of their security organization, from analyst to CISO, to support investigation and response.
• Collaborate with our data science and threat research teams to develop and maintain accurate and durable detections.
• Support is available 24/7 with a "follow the sun" model involving the India team. Coverage for the Americas is from 10 am to 7 pm Costa Rica time, with weekend rotations.

• 3+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• OR Master's Degree in Statistics, Mathematics, Computer Science, or related field.
• 3+ years of experience in a technical role in Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.
• 3+ years of experience with large data sets, using tools and scripting languages such as Excel, KQL, Python, and PowerBI.

• 3+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• Advanced knowledge of operating system internals and security mechanisms.
• Experience analyzing attacker techniques.
• Knowledge of kill-chain model, ATT&CK framework, and modern penetration testing techniques.
• Knowledge of operating system internals, OS security mitigations, and security challenges across Windows, Linux, Mac, Android, and iOS platforms.
• Experience with cloud environments and network signals.
• Excellent cross-group and interpersonal skills, with the ability to articulate detection needs.
• Knowledge of major cloud and productivity platforms, identity systems, and related security concerns.
• Experience with Threat Intelligence curation.
• Experience communicating directly with customers in a service delivery role.
• Ability to 'tell a story' with data.
• Experience with reverse engineering, digital forensics (DFIR), incident response, or machine learning models.
• Experience with system administration in large enterprise environments, including Windows, Linux, network, and cloud administration.
• Experience with offensive security tools such as Metasploit, exploit development, OSINT, and enterprise network breaching techniques.
• Additional degrees or certifications like CISSP, OSCP, CEH, or GIAC are a plus.

Ability to meet security screening requirements for Microsoft, customers, and/or government agencies is mandatory. This includes passing background checks upon hire, transfer, and every two years.