Staff Detection Engineer at ServiceNow
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
ServiceNow is looking to expand its Telemetry capabilities with an additional Detection Engineer. As a member of the Telemetry Engineering team you will drive security alerting into production for Security Operations. The primary role of the content engineer is to have total oversight of all things telemetry. This ownership includes creation of new alerts/dashboards, troubleshooting complex alert query fixes, managing development workflow, tracking change control, and adherence to regulatory obligations. This role will special will specialize in user behavior analytics (UBA) with a direction to build anomaly detection and complex threat modeling.
Duties and Responsibilities:
- Configure UBA anomaly and threat modeling detections.
- Assist with the entire Telemetry creation and change management from beginning to end.
- Collaborate with fellow cyber threat intelligence analysts and threat hunters teammates on new use cases.
- Troubleshoot advanced query logic and work with various teams to derive the best solution.
- Create initial alert queries and validate output with stakeholders.
- Implement changes to existing alert queries for performance improvements, threshold adjustments or exclusion filters.
- Triage and prioritize telemetry requests based off risk, impact and complexity.
- Deploy telemetry changes into production using a formalized process, to include ServiceNow Security Operations module integration for security incident creation.
- Provide telemetry item’s purpose to the documentation support analyst.
- Maintain telemetry inventory for regulatory and compliance audits.
- Coordinate with incident response team with telemetry needs for security investigations.
- Create meaningful dashboards for detection patterns or behavior monitoring. This will sometimes require statistical analysis or advanced visualizations.
- Track progress and escalate problem areas when needed.
In order to be successful in this role, we need someone who has:
- 3-5 years’ experience in information security. Preferably in the domains of Security Operations or Security Engineering.
- 2 years minimum of using Splunk Search Processing Language (SPL).
- Experience writing UBA detection rule writing.
- Prior experience with SIEM technology and log aggregation applications.
- Project management skills in order to track multiple updates with an organized method.
- Ability to understand various log types from a variety of sources such as network devices, operating systems and application specific logs.
- Proficient regex pattern matching skills.
- Knowledge of MITRE ATT&CK Matrix is a bonus.
- Familiar with effective visualizations and dashboarding fundamentals.
- Concise verbal and written communication skills.
- Experience with the ServiceNow platform is a bonus.
- Experience with the Securonix is a bonus.
Candidates must be able to meet all federal government security screening requirements as indicated: Federal security screening requirements call for applicant to verify U.S. Citizenship. Additional customer screening requirements may include additional items such as, but not limited to: specialized agency background checks (either national or local) and fingerprinting, as well as the ability to obtain a government personnel security clearance.
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or [email protected] for assistance.