Threat Detection Engineer – Denver, CO (Hybrid)
Are you a passionate security professional? Do you want to work for a global business that is committed to moving money for the better? Are you interested in joining a globally diverse organization where our unique contributions are recognized and celebrated, allowing each of us to thrive? Then it’s time to join Western Union as a Threat Detection Engineer!
Applicants must be currently authorized to work in the United States on a full-time basis. Western Union will not sponsor applicants for work visas for this position including student visa.
Western Union powers your pursuit.
In this critical role, you will be responsible for implementing, maintaining, monitoring, and managing SIEM solutions deployed throughout the security operations center (CFC). Working alongside cybersecurity engineering teams, the information security engineer facilitates architectural designs and best practices, and builds advanced threat detection rules. This role is also responsible for providing support to the incident response, Insider Threat, ASR, Threat Intelligence, security operations and security audits during United States hours.
Role Responsibilities
Develop use cases and create threat detection logic, rules, and alerting in SIEM and Analytics tools for response by CFC / IR
Work with Threat Intel to identify and recommend new internal and external data sources to develop additional adverse based detection logic
Onboarding new data sources and data normalization according to use case's needs.
Operationalize Indicator of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules into SIEM or Analytic solutions.
Responsible for providing support to the incident response, Insider Threat, ASR, Threat Intelligence, security operations and security audits during US hours.
Role Requirements
Bachelor’s degree in computer science, Information Security, or Information Systems or equivalent experience
At least 5-7 years’ cybersecurity experience with at least 4 years in an engineering-based role supporting SOC and IR teams.
Proficient in one or more Next Gen SIEM technologies (e.g., Splunk, LogRhythm, Google Security Operations, or CrowdStrike).
Advanced knowledge of operating system configuration (Windows, Unix, Linux) and networking (DNS, DHCP, routing protocols).
Ability to analyze event and incident logs and work with SOC and IR teams to assess security events related to malware, vulnerabilities, exploits and kill chain methodology.
Ability to interface with threat intelligence platforms and SOAR solutions to centralize and manage incidents and remediation workflow.
Experienced with one or more scripting languages (e.g., Python, PowerShell, Bash, etc.).
Operationalize Indicator of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules into SIEM or Analytic solutions.
Basic knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles.
Certifications: CISSP, GSEC, GCIH, GCIA, GCFE preferable, but not required.
Rochester, NY
We are a global leader in cross-border, cross-currency money movement. From small businesses and global corporations, to families near and far away, to NGOs in the most remote communities on Earth, Western Union helps people and businesses move money - to help grow economies and realize a better world. In 2018, we completed more than 800 million transactions for our consumer and business clients. We continue to innovate, developing new ways to send money through digital, mobile, and retail channels, with an array of convenient pay-out options to meet business and consumer needs.
We are a business centered on the needs of our customers, and over the years, we’ve invested and innovated to provide consumers and businesses with even more choices – in products, in services, and in how and where they can access Western Union when moving money across borders.
We move money for better, enabling individuals, families and friends to securely and seamlessly transfer money in the ways that are most convenient for them, whether that is walking into a retail location or using our Western Union website or app to move money in minutes.
Our customers use our services to send money to family members in nearly every part of the world, to provide support, recognize a special occasion, and enable entrepreneurship or education.
As businesses have a growing need to move money around the globe and transact in different currencies, we’ve answered these needs with Western Union Business Solutions to help navigate the global economy, including solutions for International Payments, Risk Management, and Cash Management Solutions. We offer a wide range of industry-specific solutions that today help over 50,000 clients including financial institutions, educational institutions, NGOs, and small/medium sized businesses needing to make cross-border payments.