Senior Threat Detection Engineer - Opportunity for Working Remotely

The Elevator Pitch: Why will you enjoy this new opportunity?

Working with a team of Incident Responders, Threat Hunters and Threat Intel analysts, you shall be responsible for building capabilities to detect threats that target VMware and our customers. If building signals to efficiently detect attacker behavior and techniques, and aid in obstruction and eviction of the threat actor from the environment sound exciting to you, then this role is cut out for you! And you get to do it while enjoying the company of team members who love memes, gifs and tacos. Above all, you get to work in a culture where new ideas and calculated risks are strongly encouraged and appreciated.

Success in the Role: What are the performance outcomes over the first 6-12 months you will work toward completing?

• Within the first 30 days - Understand the existing detection controls and flag the gaps in our current detection posture, in our Corp and Cloud environments
• Within the first 60 days - Take a lead in building detection content to remediate the gaps identified in detection coverage, while continuously tuning to reduce false positives
• Within the first 90 days - Build trust relationships with critical stakeholders (Detection and Monitoring Team, Threat Intel Analysts, Threat Hunters and Engineering teams) and implement a detection portfolio to continuously develop and push out detection as code.
• Within the first 365 days - Execute continuous purple teaming exercises across variety of platforms and services and validate the efficacy of detection controls

The Work: What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis?

We are looking for a subject matter expert in developing signals that detect Threat actor/anomalous activity. Someone who can take lead in developing high fidelity detections from logs (Security Product logs, Application logs, Infrastructure logs etc.) that could be consumed by our Detection and Response team. This is not an entry level position, you will be expected to think, act, and execute with urgency with limited guidance. More details below,

• You understand Threat Actor TTPs (MITRE ATT&CK Matrices) innately and take pleasure in writing high fidelity rules that help uncover threat actor behaviors
• You can create detection capabilities utilizing Threat Intelligence reports and Threat model reviews
• You have extensive experience in at least one of the following areas- Incident Response/Threat Hunting/Threat Intelligence/Threat Detection/Reverse Engineering
• You have had experience in at least two or more of the following areas - Developing signals using raw logs, Writing SIEM/Sigma Correlation rules, Writing IPS/IDS rules, Experience with YARA, Experience with UEBA focused ML data models
• You are passionate about securing the organization, while collaborating with fellow Security SMEs and take pride in learning from others and helping others learn

What is the leadership like for this role? What is the structure and culture of the team like?

The Hiring Manager for this role is Karthik Yetukuri, Director of the Security Intelligence and Response Team (SIRT). He has experience working in the trenches defending organizations, in diverse Technical and Leadership roles and has been with VMware for over 5 years.

He believes in fostering psychological safety within the team and strives to create fulfilling opportunities for the team members. The Team consists of DFIR Specialists, Threat Detection Engineers, Incident Managers and Program Managers, spread around the globe. We take pride in being a collaborative team that strives on working and winning together.

Where is this role located?

Remote: This role can be based anywhere in the US.

What are the benefits and perks of working at VMware?

You and your loved ones will be supported with a competitive and comprehensive benefits package. Below are some highlights, or you can view the complete benefits package by visiting .

• Medical Coverage, Retirement, and Parental Leave Plans for All Family Types
• Generous Time Off Programs
• 40 hours of paid time to volunteer in your community
• Rethink's Neurodiversity program to support parents raising children with learning or behavior challenges, or developmental disabilities
• Financial contributions to your ongoing development (conference participation, training, course work, etc.)
• Healthy and local-inspired snacks in all our on-site pantries

This job may require the candidate to travel and/or work from a facility that requires full vaccination prior to entry.

Category : Engineering and Technology

Subcategory: Information Security

Experience: Business Leadership

Full Time/ Part Time: Full Time

Posted Date: 2022-09-14

VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what's possible today at .

Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. Vmware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.