Security Content Analyst

🇬🇧 United Kingdom - Remote
🔒 Cybersecurity 🔵 Mid-level

Job Description

Company Description

Anomali is headquartered in Silicon Valley and is the Leading AI-Powered Security Operations Platform that is modernizing security operations. At the center of it is an omnipresent, intelligent, and multilingual Anomali Copilot that automates key workflows and empowers your team to deliver critical threat insights to leadership in seconds.

Anomali unifies ETL, SIEM, XDR, SOAR, and the world’s largest repository of global intelligence into a single, cloud-native platform that improves detection, speeds investigations, and reduces costs at scale.

Do more with less. Be Different. Be the Anomali.

Learn more at www.anomali.com

Position Description:

As a Security Analytics Content Engineer, you will lead the design and production of content detection logic and rules used in Anomali’s various technologies. This role is responsible for supporting Anomali’s content detection efforts to become a leader in the Security Analytics market. You will also be responsible for building, deploying and testing all SIEM detection rules and logic.

1. Threat Analysis and Detection:

Analyzing various forms of digital content, such as emails, web pages, and files, to detect potential security threats like malware, phishing attacks, or harmful scripts. Creating documents on the threats found during the threat analysis, including what the threat is, when the threat was first noticed, where the threat originated, how to detect the threat, why to mitigate the threat, and with whom the threat is associated.

2. Deep Dive into TTPs:

Techniques Identification: Identify specific techniques used in the campaign, such as spear phishing, exploitation of public-facing applications, or credential dumping.

Tactics Correlation:

Correlate these techniques with the tactics in the MITRE ATT&CK matrix, which are broad categories describing the objectives of the adversary, such as “Initial Access”, “Execution”, “Persistence”, etc.

Procedures Detailing:

Detail the specific procedures or methods used for each technique. For instance, if the technique is ‘spear phishing’, the procedure might involve sending emails with malicious attachments tailored to specific individuals.

Detection Mapping:

Create detections to match the adversary’s behavior to known profiles in the MITRE ATT&CK framework.

3. Development of Detection Rules:

Designing and developing detection rules and algorithms using query language operators and functions to automatically detect harmful content. This involves understanding the latest in machine learning, pattern recognition, and data analysis techniques.

4. Research and Keeping Up-to-date:

Staying informed about the latest malware trends, attack vectors, and detection technologies. This involves continuous learning and sometimes participating in cybersecurity research with Anomali’s Advanced Threat Research Group.

5. Testing Custom Detection Tools:

Develop Custom Scripts/Tools: If applicable, test custom-developed scripts or tools designed for malware detection.

Machine Learning Models: Evaluate the effectiveness of any machine learning models that have been trained to detect malware.

A Content Detection Engineer typically specializes in identifying and mitigating security threats. This role involves analyzing threat actors and their campaigns, and creating detection rules and algorithms to detect and prevent such attacks. Additionally, the role may create content based on approved customer requests. The role is a blend of cybersecurity knowledge and content analysis skills.

Qualifications

Required Skills/Experience:

o Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. Additional experience and/or relevant certifications will be considered in lieu of degree.

o Proficiency in programming languages such as Python, Java, or C++.

o Foundational understanding of Threat Intelligence and detection rules for Malware and malicious campaigns.

o Ability to analyze and interpret logs and alerts from various security tools.

o Experience with machine learning and artificial intelligence, especially in content recognition and classification.

o Familiarity with data analysis and data mining techniques.

o Experience with tools and techniques for detecting malware, phishing attempts, and other malicious content.

o Knowledge of network security and protocols, including experience with firewalls, intrusion detection systems, and encryption technologies.

o 2+ years of relevant experience in the cyber security space, doing work relevant to the responsibilities of this position.

o Previous experience in threat analysis, content detection or a similar field.

o Hands-on experience with machine learning algorithms and tools.

o Strong analytical and problem-solving skills.

o Attention to detail and accuracy.

o Ability to work independently and as part of a team.

o Good communication skills, as the role may involve collaborating with other teams and explaining complex concepts to non-technical stakeholders.

o Willingness to stay updated with the latest developments in technology, particularly in areas relevant to content detection.

o This position is a hybrid position working onsite at our Belfast office. This position is not remote.

o This position is not eligible for employment visa sponsorship. The successful candidate must be authorized to work freely in Belfast.

Benefits:

o Competitive Salary

Medical

o Private Healthcare Plan

o Dental Plan

o Optical Plan

Work-Life Balance

o Paid Public Holidays

o Accrued Paid Time Off – 25 days

Equal Opportunities Monitoring

It is our policy to ensure that all eligible persons have equal opportunity for employment and advancement on the basis of their ability, qualifications and aptitude. We select those suitable for appointment solely on the basis of merit without regard to an individual’s disability, race, religion, sex, age or sexual orientation. Monitoring is carried out to ensure that our equal opportunity policy is effectively implemented.

If you are interested in applying for employment with Anomali and need special assistance or accommodation to apply for a posted position, contact our Recruiting team at [email protected]. We are happy to discuss reasonable adjustments.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
