All right, close your eyes. Good. Now, I want you to picture the following person. This person has a real passion for detection. This person eats their Wheaties, with a side of freshly toasted attacker dreams of living off the land. As a defender, they thinks it’s cute that the attacker has the impression they can get by a layered defense by not dropping any binaries and just using Powershell, WMI, VBScript or the new hotness … and get away with it.
Please keep your eyes closed, we aren’t done visualizing. Next imagine this person is fascinated by engineering discipline. This person wishes unit tests for detections were as simple as importing pytest. They have a deep appreciation for what a great engineer can do with a hard problem. But they’re also someone who likes to solve hard engineering problems themselves, usually at the intersection of detection and response automation to make their lives, and their co-workers lives, a little easier.
Finally, this person we’ve been picturing thrives in working with others. They might eat breakfast and destroy the dreams of attackers, but they genuinely love watching others be successful. They are someone who has trained and mentored others to investigate and respond to alerts generated by their research. They know that true scale comes from training others.
Now open your eyes, first off I hope your eyes were open and you’re not someone who just blindly does what they’re told. Besides, how else could you have caught all the significant bits? Did you end up picturing yourself?
At Expel we’re trying to take a new approach to managed security. We spend our time trying to discover ways to keep our customers safe and our security analysts happy. We’re trying to meet our customers where they are–understanding a vast number of attacker tactics, security vendor capabilities, and customer requirements. We think innovating while managing the combinatorial explosion represents a fascinating problem. If you agree, we may have the job for you!
Interested? Apply via email@example.com.
What Expel can do for you
- Give you an opportunity to collaboratively drive a significant security capability of the business
- Empower you to coach and guide less seasoned analysts in the practice you define
- Enable you to learn from analysts, data scientists, engineers, and responders responsible for various components of Expel’s service and technology
- Ensure your voice is heard & tied directly to our business direction
- Connect you with technical & security leads across the security market
- Provide an entertaining small and highly transparent startup environment
- Challenge you to push the boundaries of our security vision
- Provide access to popular EDR, network, and SIEM technologies
What you can do for Expel
- Ensure our customers get maximum value from their security investments
- Help ensure our analysts keep learning and doing more sophisticated security work
- Identify the best approaches to power rapid detection, investigation, and response
- Continuously improve our detection capability by creating and iterating on new detection ideas
- Continuously reevaluate, redefine, extend, and refactor data sources and workflows as needed
- Stay offensive-aware; build and maintain relationships with friends, and partners pushing the cutting edge of offensive research
- Work with others across the organization to ensure quick time-to-market for new capability
- Instill a culture of experimentation and continuous improvement within the analyst corps
- Remain perpetually dissatisfied with the status quo. Help move us forward, always
- Mentor and train members of the security analysis corps
What you should bring with you
- Experience with at least one SIEM, and various EDR and network technologies
- Familiarity writing detections and triaging alerts
- Knowledge of attack vectors, threat tactics and attacker techniques
- Hands-on experience developing in python or golang for the purposes of automating mundane tasks
- Familiarity with network architecture and security infrastructure placement
- Understanding of Windows & Linux operating systems and command line tools
- A deep understanding of networking fundamentals, TCP/IP and core protocols
- Experience across a variety of offensive tools and tactics is a tremendous advantage
We work primarily from our office in Herndon, Virginia. We’ll consider fully remote work on a case-by-case basis.
We’re only hiring those authorized to work in the United States.
We’re an Equal Opportunity Employer: You’ll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
We do not currently sponsor immigration visas.
Interested? Apply via firstname.lastname@example.org.