Job Description

Who we are looking for

The Advanced Defensive - Detection Engineers is a member of a small team tasked with securing the firm's most critical network environments and applications.

The Advance Defensive - Detection Engineer is responsible for understanding how a threat actor is likely to attack or exploit State Street’s most critical environments and systems, and then creating, testing, enhancing, and documenting detection capabilities to detect adverse events within these systems. You must be ready to work collaboratively across the team, learning new skills and forging new procedures, relationships, and methods. Remote work options will be considered for highly skilled candidates.

What you will be responsible for

• Interpreting threat models and conduct research to write and diagram discrete and detectable threat tactics, techniques and procedures (TTPs),
• Serve as an expert advisor on detecting TTPs for executives.
• Write Technique Research Reports (TRR) or similar reports to document attack technique research and modeling to assist cybersecurity practitioners to understand, emulate, and detect cyber-attacks.
• Develop and implement new detection rules for applications, and cloud and on-premises systems.
• Triage, prioritize, and take appropriate action to address requests for detection rule corrections and/or enhancements.
• Test and tune threat detection rules within detection (e.g., SIEM, EDR) and other tools.
• Monitor, maintain, and refresh SIEM look up tables and various other tables.
• Implement automated detection rule metrics to identify performance issues and opportunities to increase efficiency, fidelity or possible retirement.
• Validate and document detection requirements, search criteria, test cases, and other development lifecycle artifacts through use of appropriate documentation libraries and development tracking tools.
• Document and maintain assets, scripts and processes to test SIEM/EDR rules for reuse.
• Partner with other Fusion Center teams to align detection strategy with threat model and MITRE ATT&CK framework.
• Partner with purple team, various security, risk, IT and business professionals to validate and document threat detection goals.
• Provide guidance in alert creation among various security controls such as EDR, IDS, Cloud, email gateways, etc. Analyze, influence, and recommend.
• Collaborate with various teams to learn, document, and maintain a library of various IT processes, naming conventions, assets, configurations, and other considerations that can be leveraged to improve security capabilities across the organization.

​ What we value

The following knowledge and experiences will help you succeed in this role:

• Minimum of 5 years of experience where specific detection engineering like functions were performed. This might include threat hunting, security operations center management, threat research and development, data science and data mining.
• Experience in advanced threat modeling, detection-as-code pipelines, MITRE ATT&CK mapping, alert triage, basic rule tuning, custom logic, threat hunting, and detection-as-code.
• Experience in threat simulation, including adversary simulation, custom tooling, Red team collaboration, and scripting emulations.
• Experience in systems in infrastructure including secure architecture design and cloud-native controls.
• Experience in full-stack scripting, automation frameworks, advanced scripting with low error rates in Python, PowerShell, SPL, SQL, KQL, and regex.
• Experience in network forensics, encrypted traffic analysis, TCP/IP, DNS, HTTP, IDS/IPS, proxy logs, VPN analysis.
• Experience in analysis, including anomaly detection, advanced statistics (e.g., probability, distributions, estimating, hypothesis testing, regression, correlation, Markov Chains, Monte Carlos, LaPlace, Rule of Five, Bayes' theorem, machine learning, k-nearest), and creation of statistical models.
• Experience with data engineering, including parsing, dashboards, API design, and related concepts.
• Awareness of compliance, including aligning detection strategy with global financial regulations, ISO 27001, EU GDPR, PCI-DSS, EU DORA, SOX, NIST CSF, US OCC Part 30 Safety and Soundness Standards, and financial compliance frameworks.
• Experience with payment systems, classified systems, or other critical environments.
• Experience presenting to and advising executives.

This knowledge will help you succeed in this role:

• Knowledge of cyber security threat actors particularly their tactics, techniques, procedures, tradecraft, and noteworthy attacks.
• Knowledge of cybersecurity principles and practices, including defense in depth.
• Knowledge of computer network protocols.
• Knowledge of risk management processes.
• Knowledge of cybersecurity law, regulations, and industry best practices.
• Knowledge of system design tools and techniques.
• Knowledge of server administration and principles and practices.
• Knowledge of software engineering principles and practices.
• Knowledge of enterprise information technology (IT) architecture principles, practices and reference models.
• Knowledge of systems engineering processes, principles and practices.
• Knowledge of hardware and software reverse engineering tools and techniques.
• Knowledge of secure software development, deployment, and maintenance.
• Knowledge of agentic AI systems, and their use in the continuous monitoring process to reduce the time from detection to response.

Education

• Bachelor’s degree in computer science, information security, engineering, data science, mathematics, or another relevant field.

Preferred qualifications

• Possess a Postgraduate degree in computer science, information security, engineering, data science, mathematics, or another relevant field.
• Experience working with information security teams such as fusion centers, security operations centers, vulnerability assessment, vulnerability threat management, security incident management, cyber “hunt,” and big data analysis.
• Experience working with law enforcement agencies and external audit organizations for investigations, audits, and similar activities.
• Self-starter, self-motivated, and able to work independently with little oversight while managing a large, globally distributed team.
• Highly polished presentation skills, with the ability to simply and convincingly present technical issues to non-technical audiences.

Desired Outcomes

Implement a suite of high-fidelity detection rules to alert on adverse events within State Street’s most critical environments.

Salary Range:

$120,000 - $202,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.