Group Manager, Threat Detection Engineering and Operations

San Diego, California


Employer: Intuit
Industry: Security, Risk & Fraud
Salary: Competitive
Job type: Full-Time

Build and lead a new detection engineering team. This is a technical leadership role that involves detection engineering, data engineering and analytics, attack path analysis, and security orchestration and automation (SOAR). This is a key role that will define and influence Intuit's next-gen Security Operations Center (SOC) initiatives. You will own and implement the strategy of the detection engineering program and establish metrics that demonstrate continuous maturity towards target-state objectives. The ideal candidate for the role should have a strong background in SIEM implementation and log ingestion and in incident response, strong interpersonal and leadership skills, and strong verbal and written communication skills, and should be highly analytical and data driven.

Responsibilities
  • Define detection engineering strategy, roadmap, and objectives
  • Build and mature detection engineering processes and standard patterns
  • Build new detection capabilities based on research of new attack techniques
  • Evaluate, validate, tune, and, where necessary, sunset detection capabilities
  • Identify and close gaps in detection coverage
  • Build runbooks and playbooks for SOC analysts to operationalize new detections
  • Work with system owners, SIEM team, and Detection Operations to onboard and operationalize new data sources
  • Define and manage coverage and efficacy metrics, reporting them on a regular cadence to leadership
  • Lead root cause analysis for detection quality issues and direct next steps to address and prevent recurrence
  • Participate in the Cyber Incident Response Team (CIRT) rotation, which may involve non-traditional working hours

Created: 2024-08-31
Reference: 2024-55737
Country: United States
State: California
City: San Diego
ZIP: 92109

