The Senior Cloud Security Engineer, TDIR will partner with Software Engineers, Security Engineers, Compliance, and Legal to build threat detection and response engineering for Tanium Cloud’s services. You will be an integral part of the Tanium Cloud engineering processes, responsible for the discovery, assessment, triage, and remediation of security events and threats impacting Tanium Cloud. You will be identifying gaps in current detections and system coverage, creating custom detection-as-code to automate and detect advanced and novel threats, perform investigations for sophisticated and previously unknown threats, automate real-time responsive actions, and building and operating systems to automate detection and remediation for protecting Tanium’s cloud services.
A successful candidate will have experience building and operating as a cloud security engineer in a DevOps environment. This will include building detections-as-code in Git, establishing and tuning cloud detection engineering and response efforts, building cloud-native playbooks and automated run-books for security detection and response, and drawing upon automation and cross functional partnerships to create scalable and resilient operational capabilities.
What you'll do:
- Build and operate Tanium Cloud’s security systems for automated detections and responses as code using DevOps tools and practices in Azure and AWS
- Proactively identify risks and malicious activity in our cloud infrastructure and systems
- Analyze systems, logs, events, and alerts for signs of malicious activity
- Write custom detections rules and tools to monitor, analyze, and detect malicious activity
- Build automation for response and remediation of malicious and anomalous activity
- Drive implementation of countermeasures, mitigations, and containment
- Collaborate with engineering, IT, and other security teams to develop scalable and flexible solutions for defending Tanium Cloud from low-level actors to nation state actors
- Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
- Provide feedback into Tanium products, modules, and services to improve TDIR capabilities as an internal customer with real-world experiences.
- Be on periodic on-call for triage of critical alerts from detections
We’re looking for someone with:
- Bachelor's Degree in Computer Science, IT or other relevant degree or equivalent work experience
- Must be able to obtain Reliability status (RS) for Protected A, B, C at a minimum
- 4+ years of experience in building automated security event prevention, detection, response, with at least 2 of those years for cloud systems (e.g. AWS, Azure).
- 2+ years of experience building security tools in Python or GoLang using DevOps application development practices (e.g. Git, JIRA, Kanban) and deployment (e.g. Jenkins, GitHub Action Runners, CloudFormation, Terraform)
- 2+ years of experience in threat hunting tactics and techniques in Linux, containers, and serverless systems to proactively identify known and unknown cyber threats, advisory behaviors, and anomalies
- Solid understanding of modern attacker tactics, techniques, and procedures (TTPs) (e.g. MITRE ATT&CK, building threat intelligence, etc.)
- Experience with building and operating a SIEM in cloud (i.e. Splunk, Sentinel, etc.) or cloud-based security analytics tools (e.g., Jupiter Notebook, etc. ) for cloud security data search and analysis operations.
- Experience designing and building defense-in-depth security monitoring to aid in detection, triage, analysis, and response
- Working with industry security and risks standards (e.g. NIST SP 800-53 Moderate, PCI DSS, SOC2, ISO 27001, CIS Benchmarks) for sensitive data protections
Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Operations, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for six consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That’s the power of certainty. Visit www.tanium.com and follow us on LinkedIn and Twitter.
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.
We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.
Taking care of our team members
Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.