Network Threat Researcher
Network Threat Researcher
eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats.
Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business-disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk and enables security at scale.
The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts, Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services.
It's our mission at eSentire to protect our customers 24/7/365 and we extend this conviction to job seekers. During the application and interview process, eSentire will communicate with you from one of our corporate "@esentire.com" email addresses, never from a public email address. We strive to provide a welcoming, respectful, and thorough interview process, providing the candidate with ample opportunity to spend time with the hiring manager, recruiter, and future colleagues face to face, or using a video conference technology.
The successful candidate will report to the Manager of Tactical Threat Response and be responsible for end-to-end threat detection in our MDR for Network service. The Tactical Threat Response (TTR) team creates proprietary security content, network rules to detect threats, and runbooks to streamline investigations. TTR is made up of dedicated security experts that manage the entire content creation process, which is informed by observations from our Security Operations Center (SOC), outputs from the other teams within the Threat Response Unit (TRU) and the MITRE ATT&CK framework. The TTR team manages the security content development roadmap to ensure our services keep up with the threat landscape.
- Identifying, organizing, and processing new novel detection techniques
- Triaging new detectors
- Detector development
- Deployment and Support
- Ongoing tuning and maintenance
- Network Threat Detection subject matter expert
- Threat Modeling: Understand how adversaries will attack network/cloud infrastructure, what their goals may be, and where detection opportunities exist
- Security Data Analysis and Analytics: Identify patterns and anomalies in logs, packet captures, system events, and other relevant security data, apply analytics, and create actionable detections
- Investigation Theory: Ability to take an alert and define repeatable investigation steps that support a security outcome
- Threat Hunting: Understand adversary behavior, develop a hypothesis, design hunts, and interpret the results
- Process oriented: Experience understanding, following, updating, and creating repeatable instructions for day-to-day activities
- Independent self-starter: Experience independently generating ideas, developing a plan, and executing on that plan
- Experience interpreting and writing Suricata rules
- Understanding and experience with network attacks, adversary goals, and investigating incidents using network data
- Experience analyzing network data and developing rules that may require you to use regex, YARA, Sigma, or any other enterprise grade technology or formats
- Experience threat hunting using session data or raw PCAP
- Experience documenting investigation strategies or developing incident reports
- Knowledge of attacker tactics, techniques, and procedures and understanding of how these activities manifest in network data
- Knowledge of operating systems and networking
- Knowledge of Incident Response and Forensics applied to network data
- Experience in testing security signatures in controlled environments to ensure accuracy and minimize false positives
- Familiarity with relevant industry compliance standards (e.g., PCI DSS, HIPAA, GDPR) and the ability to develop signatures to meet compliance requirements
- Proficiency in programming and scripting languages (e.g., Python, Perl, PowerShell) to automate signature development and testing
- 3+ years of relevant work experience in network security
- Familiarity with packet capture tools such as Wireshark and tcpdump for in-depth analysis of network traffic
- Certified Information Systems Security Professional (CISSP), or any relevant intrusion detection and network security certifications
Why a Career with eSentire?
Our Culture: At eSentire we work in a collaborative and innovative work environment. We work with brilliant and passionate people who strive and encourage others to do their best. eSentire’s idea-rich environment welcomes creative and sometimes unconventional perspectives!
Growth Opportunities: At eSentire you will have the opportunity to grow and make an impact from your work. We encourage innovation in all who become a part of our team. With growing operations internationally, there are many lateral and upward advancement opportunities for rewarding and developing careers with eSentire. We’re strong believers in continuing education and provide the resources that you need to continue learning.
Employee Perks: We provide breakfast, snacks and refreshments (at our physical office locations in Waterloo, London, and Cork), flexible working hours and vacation, company-wide equity and bonus programs, subsidies for continuing education and health & wellness, and attractive compensation and benefits plans. We make it our obligation to the team to stay current with compensation trends in the tech field!
We thank all applicants in advance for applying. Only individuals selected for interviews will be contacted.
eSentire is committed to creating a fair work environment that is aligned with the Accessibility for Ontarians with Disabilities Act (AODA). We guarantee equal treatment and provide opportunities regardless of race, creed, color, religion, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, status as a protected veteran or any other legally protected grounds and will not discriminate on these basis. If you have any accessibility requirements during the recruitment process, please reach out to our HR team at firstname.lastname@example.org and any accommodation needs will be addressed upon request.
- Job Family Security Internal (Advanced)
- Pay Type Salary