Job Title: Senior Detections Engineer
Job Type: Full time
SynSaber is a seed-stage ICS cybersecurity startup enabling operators and security analysts to defend industrial systems and protect critical infrastructure with precision. We’re a team of passionate security practitioners fighting on behalf of the industrial operators and analysts on the frontline.
About the Senior Detections Engineer role
Interested in being a significant contributor on a high-performance software team, developing a next-generation network sensing platform designed to secure critical infrastructure? Do you enjoy digging into complicated problems, and relish the thought of working at a startup on a small, highly-productive team? If so, we want to meet you!
Join a team that is modernizing the industrial security landscape, with the opportunity to create new methods for identifying and detecting industrial threats and behaviors and to give operators critical visibility and insight. The Senior Detections Engineer will lead the charge in developing protocol dissectors, parsers, and rulesets that bring actionable information to the user.
This is a fully-remote opportunity. Work from where you are. We’re all experienced with operating in a fully-remote capacity. You won’t be an outlier who is separated from the rest of the team.
Success Characteristics / Required Skills & Experience
What we’re looking for:
- Deep understanding of network protocols, traffic analysis and packet inspection
- Researching industrial systems, operations, and environments
- Conducting background research that supports development efforts
- Developing or customizing network packet dissection and summarization libraries
- Creating data correlation/summarization pre-processors
- Development of rulesets for the purposes of threat detection, device identification, and behavior analysis
- Familiarity with baselining techniques, feeding reference data and building models against streaming data
- Contributing to product development on customer-facing, installed, and on-premise software products
- Participating in highly functional software teams that spend more time building software than talking about building it
Preferred but not mandatory Skills & Experience
These things are worth bonus points:
- Experience with SIEM and datalake query structure and data formats (Splunk, Elastic, etc.)
- Previous experience writing detections, profiles, or rulesets with proprietary and common tooling, such as Snort/Suricata and YARA rule languages, the STIX/TAXII threat-intelligence standards, and Python and/or Lua scripting
- Writing high-performance, secure code in compiled programming languages like Golang, Rust or C++
- Experience developing user interfaces and the APIs that support them
- Industrial operations and/or IoT, IIoT application experience or background
- You understand the role of good, relevant documentation
Current employee benefits include:
- Remote work environment
- Paid holidays & PTO
- Comprehensive health benefits (medical, dental, vision)
- Option to join 401k