Purple Teamer Detection Engineer

Remote Full-time
Black Lantern Security is a Services Oriented Company
• Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts
• No one "mastermind"
• No "cult of personality"
• Competitive compensation and benefits
• Healthy work-life balance
• Project-based engagements that play to the team's strengths

Responsibilities:
• Project-Based
  • Develop and tune detection rules across SIEM, EDR, and other telemetry sources based on relevant and emerging threats.
  • Build and maintain detection-as-code pipelines (e.g., Sigma, Splunk, KQL, YARA).
  • Correlate threat intelligence with internal telemetry to enrich detection logic.
  • Create detailed runbooks for adversary emulation and control validation using tools like Atomic Red Team, Caldera, or SCYTHE.
  • Collaborate with the red team to simulate relevant and emergent threat actor TTPs.
  • Utilize frameworks such as MITRE ATT&CK and D3FEND to assess and track detection coverage.
  • Prepare clear and concise situation reports and activity summaries for both customers and senior leadership.
  • Develop and deliver walkthroughs, proof-of-concept (PoC) demonstrations, technical articles, and formal presentations.
• Research and Development (R&D)
  • Attend and/or present at professional conferences, industry events, or internal brown-bag sessions.
  • Contribute to the development of:
    • Novel defensive tactics, techniques, and procedures (TTPs).
    • Custom applications, utilities, and automation scripts.
    • Threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs.
    • Digital forensics and incident response (DFIR) tools, techniques, and methodologies.

Preferences:
• Experience with Splunk and/or the Elastic Stack (Elasticsearch, Kibana, Logstash).
• Familiarity with building, modifying, or deploying open-source security tools.
• Experience with cloud environments and cloud-native telemetry (AWS, Azure, GCP) is a plus.
• Prior involvement in Purple Team engagements, adversary emulation exercises, or red team collaboration.

Requirements:
• Proficiency in scripting languages such as Python, Bash, and/or PowerShell.
• Experience with at least one object-oriented programming language (e.g., Python, Ruby, Java).
• Experience ingesting, parsing, and analyzing logs from diverse sources (e.g., OS, EDR, network, cloud).
• Hands-on experience with one or more SIEM platforms (e.g., Splunk, ArcSight, LogRhythm, AlienVault).
• Proficiency in detection query languages (e.g., Splunk SPL, KQL, Elastic DSL).
• Familiarity with threat emulation and adversary simulation tools (e.g., ATT&CK Navigator, Atomic Red Team, PurpleSharp, AttackIQ, Prelude, SCYTHE).
• Strong foundational knowledge of Windows, Unix, TCP/IP, IDS/IPS technologies, and web filtering controls.
• U.S. citizenship required (must be willing to undergo federal, state, and local background checks).
• Demonstrated ability to:
  • Maintain the highest standards of honesty, ethics, and technical integrity.
  • Think critically and analytically about complex cyber risk and threat scenarios.
  • Build and communicate threat models and risk assessments effectively.
  • Apply cybersecurity frameworks and best practices (e.g., MITRE ATT&CK, NIST 800-61).
  • Demonstrate a working understanding of regulatory frameworks such as HIPAA, PCI-DSS, and GLBA.
