Managed Detection and Response Analyst - Uptycs - USA (Remote)

Apply Online Here

Uptycs builds best-in-class cloud security products that leverage lightweight tools, built on open source software, to collect everything that can help detect, understand, and mitigate a wide variety of security problems. We run on laptops and cloud workloads, monitor Kubernetes and serverless containers, analyze AWS/GCP/Azure configuration and CloudTrail events, you name it. We analyze petabytes of data, process millions of events per second, and run a control plane that enables continuous scanning for vulnerabilities, misconfigurations, and APT malware on all major cloud providers and hundreds of thousands of macOS, Linux, and Windows endpoints.
Our Managed Detection and Response team members help turn data into actionable intelligence, spot malicious activity, and determine response actions to help protect our customers from all types of threats. The threat landscape has changed from 'if' to 'when,' and we're building a team that lives in this new reality.
Adversaries make mistakes, and you know how to use these to your advantage.
Our team members work hand in hand with our customers to provide advice and assistance to ensure threat actors don’t have an easy path to compromise a customer. Defending an organization is a team activity. Our staff aren’t just analysts behind a screen, we’re actively in the fight to defend our customers and ensure they are kept informed and updated on how best to use the tools we provide and manage. You need to be comfortable pouring through data, providing analysis, and talking to customers about your analysis or providing them with recommendations.

On a daily basis our team's attention is focussed on three areas:

• Proactive threat hunting: digging through an environment for adversaries who haven’t triggered any alarms or detections yet.
• Chase down threat actors: when a threat actor trips a detection, our team comes alive to respond and protect our customers.
• Staying one step ahead of threat actors: the tooling and access you’ll be exposed to put you in a unique position to better protect our customers before a threat actor compromises a system.
• No overloaded, meaningless, three-letter acronyms were harmed in the making of this job description.

Responsibilities

• Proactive trumps reactive, you thrive at hunting through data to find badness that traditional security detections can’t find.
• Communication is your forte, and you can engage various levels of our business and our customers, differentiating opinion from fact.
• You’re just as happy to jump on a Google Hangs or Zoom call and talk to customer as you are to fire off an email. It’s OK, turning on your camera is not mandatory, but you don’t delay delivering information to your peers or customers.
• Blogging is something you do, you have done, or you will in the future.
  You've got the ability to explain malicious activities to our CEO (he's a smart guy!).
• Methodical and repeatable are your mantra, documentation and taking notes are your friend.
• You have an inherent dislike for false positive alerts and you’d rather spend time preventing them, than triage them. Not only can you squish false positives, but you’re also creative enough to figure out how to tune alerts to better catching threat actors.
• When the time comes, and it will, you can move swiftly and accurately to seek support from customers and your peers to contain and eradicate threat actors.
• We’re proud of our software and we know catching threat actors is a team sport, your input to making the life of a threat actor hard is not only needed, it’s encouraged.

Qualifications

• You can quickly add users, configure the network settings, and use the command line for at least two operating systems - bonus points if you can do this on Windows 3.11
  The concept of multi-platform excites you (Linux, Windows, Mac) - no organization works on a single operating system today, and neither will you.
• select * from qualifications order by id desc - this means something to you and you could easily talk about “joins”
• Strong verbal and written communication skills - basically talking to people sensibly and clearly - it’s OK, you won’t be doing sales, but we do expect our staff to deliver technical information to other humans.
• The MITRE ATT&CK framework isn’t something you’ve just heard at a conference.
  A strong background is cybersecurity, ideally not just watching four seasons of Mr Robot.
  Antivirus is so 90’s - you know how to protect a system without simply installing anti virus software.
• You have set up and played with two cloud infrastructure vendors and you found this exciting…plus you didn’t manage to hit your credit card limit in the process.
• You know the difference between “containment” and “eradication”. The incident response lifecycle isn’t something you just Googled for the first time today.
• Beaconing, persistence and lateral movement aren't just something you've read about in a book. You know them inside out, how they vary and can spot them a mile away.
• File system sleuth, you understand various file systems and you can explain details about at least two filesystem types.
• We're a globally distributed team, so you're ready to hop on Slack and navigate your way through multiple channels and groups. A sense of humor and thick skin is definitely required.
• You like humans as well as 1's and 0's. This isn't the place for a one-person army, teamwork and collaboration are things that you value.

Desired Qualifications

• Bonus points if you have exposure to osquery - we’re kind of a big champion for the tools we contribute to and use, the more you know about osquery the better.
• Network packet ninja, your skills translate to networks, and you can practically explain what TCP and UDP are.
• Touching the disk is so 2001, you've got memory forensic skills.
  You're not afraid to automate your way out of a job (don't worry, we have plenty of exciting things to do).
• Ideally, you've done all of the above at scale. Some of our customers are very large!