threat detection engineer

security & enterprise it – cloud and data security /
full time /
what is CRED?
CRED is an exclusive community for India’s most trustworthy and creditworthy individuals, where the members are rewarded for good financial behavior. CRED was born out of a need to bring back the focus on a long lost virtue, one of trust, the idea being to create a community centered around this virtue. a community that constantly strives to become more virtuous in this regard till they finally scale their behavior to create a utopia where being trustworthy is the norm and not the exception. to build a community like this requires a community of its own; a community special in its own way, working towards making this vision come true. 

here’s a thought experiment: what do you get when you put a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better. 

here’s what will be in store for you at CRED once you join as a part of the team 

what you will do ?

    • work on a diverse domain of information security across the organisation, most important infrastructure and data security
    • responsible identifying security issues (external as well as internal), help stakeholders to mitigate and at frequent occasions build a solution around some of the complex problem statements implement/maintain security for cloud-based systems/applications
    • formulate new detection ideas based on newly-published research, industry trends, or major incidents.
    • respond to security incidents and think of how to prevent such incidents
    • develop and enhance the CRED’s detection, monitoring and response capabilities
    • automate various security incident responses using playbook
    • build in-house security analytics solutions using open source tools (log parsing, event correlation and threat detection)
    • research/conduct threat hunting operations using known adversary tactics, techniques and procedures to detect advanced threats
    • build in-house security frameworks to establish a state of art security culture inside tech
    • be responsible to track security incident responses across the organisation
    • assist with creating security awareness and maintaining prudent security engineering culture within an organisation
    • enable compliance in teams and help them achieve some of the industry’s best practices (e.g. PCI DSS, ISO 27001)

you should apply if you have:

    • 3-6 years of experience in information security
    • proficiency in one of the programming languages (python, golang, bash)
    • the ability to be a go-to person and communicate effectively with stakeholders (engineers, product, business teams)
    • an understanding of MITRE ATT&CK, Cyber Kill Chain, Diamond Model
    • knowledge in operating centralised log analysis tools - ELK, Splunk, etc
    • experience with deploying custom-built and scalable security solutions & enterprise or open-source security tools - SIEM, IDS/IPS, EDR, FIM, PAM
    • experience with handling incident response life-cycle (detection, identification, containment, analysis, remediation and reporting)
    • the ability to read packet capture or memory dumps and create regex on the fly.
    • a GitHub profile, blog or a conference presentation
    • the ability to influence organisations and stakeholders by practising a data-driven approach
    • ability to be proactive in keeping yourself updated with security news/issues/breaches/tools/blogs on the internet
    • the zeal to explore diverse domains of information security and have a fast learning curve
    • the ability to distill complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders. 
how is life at CRED?

working at CRED would instantly make you realize one thing: you are working with the best talent around you. not just in the role you occupy, but everywhere you go. talk to someone around you; most likely you will be talking to a singer, standup comic, artist, writer, an athlete, maybe a magician. at CRED people always have talent up their sleeves. with the right company, even conversations can be rejuvenating. at CRED, we guarantee a good company.

hard truths: pushing oneself comes with the role. and we realise pushing oneself is hard work. which is why CRED is in the continuous process of building an environment that helps the team rejuvenate oneself: included but not limited to a stacked, in-house pantry, with lunch and dinner provided for all the team members, paid sick leaves and a comprehensive health insurance. 
to make things smoother and to make sure you spend time and energy only on the most important things, 

CRED strives to make every process transparent: there are no work timings because we do not believe in archaic methods of calculating productivity, your work should speak for you. there are no job designations because you will be expected to hold down roles that cannot be described in one word. since trust is a major virtue in the community we have built, we make it a point to highlight it in the community behind CRED: all our employees get their salaries before their joining date. a show of trust that speaks volumes because of the skin in the game. 

there are many more such eccentricities that make CRED what it is but that’s for one to discover. if you feel at home reading this, get in touch.