Full-Time Senior Director, Threat Detection & Platform Engineering

Senior Director of Threat Detection and Platform Engineering will lead Experian's Global Security Engineering Center of Excellence.

Develop fully integrated cyber fusion security engineering capabilities and platforms.

Lead a team of engineers developing high-quality threat detection rules informed by critical threats targeting Experian.

Lead security platform engineers across multiple capabilities: deception grid, attack simulation, SOAR, SIEM, and UEBA.

Report to the SVP of Security Architecture and Engineering.

Key Responsibilities:

• Lead a team to create and implement automated workflows in tools enhancing incident response capabilities and security operations.
• Oversee building high-quality threat detection rules, queries, and alerts based on use cases, threat scenarios, and threat intelligence (MITRE ATT&CK).
• Provide leadership and vision to security engineering planning: short-, mid-, and long-term engineering proposals, technical and complex product planning, technical innovation, and strategic platform integrations.
• Participate in Security Architecture and Engineering EGSO leadership team, creating vision, mission, and strategic goals.
• Collaborate with executives across EGSO to deliver KPI/KRI threat detection metrics, progress reporting, and strategy.
• Collaborate with SOC analysts, Incident Responders, and Threat Intelligence researchers to understand and respond to latest threats.
• Evaluate new security tools, techniques, and processes to enhance threat detection and response.
• Assess management of detection rules and automated workflows for optimal performance, effectiveness, and accuracy.
• Oversee and participate in incident response activation and directives.
• Stay current on regulatory changes, threats, and evolving technologies, implementing security architecture based on risks.
• Participate in Breach Response exercises, establishing and validating procedures to restore business activities.

Qualifications:

• 10+ years of leadership experience in a technical capacity
• 8+ years of information security experience (security operations, incident analysis, etc.)
• Splunk or SIEM tools expertise (rule creation, query writing, alert management)
• SOAR platform proficiency (automated workflows and playbooks)
• MITRE ATT&CK framework, cyber threat landscape, attack vectors, and threat actors expertise
• In-depth packet analysis, forensic familiarity, incident response, and data fusion skills
• System administration (Unix, Linux, or Windows)
• Network forensics, logging, and event management
• Defensive network infrastructure (operations or engineering)
• Vulnerability assessment and penetration testing concepts
• Malware analysis, reverse engineering
• Knowledge of network and host security technologies (firewalls, network IDS, scanners)
• Security monitoring technologies (WAF, Web Proxies, UEBA, DLP)
• Cybersecurity frameworks (NIST), industry standards
• Security certifications (CISSP, GCIH, GCIA, etc.) - preferred

Benefits:

• Competitive compensation and bonus plan
• Medical, dental, vision, and 401K match
• Flexible work environment (remote, hybrid, or in-office)
• Flexible time off (volunteer time off, vacation, sick, and 12 paid holidays)

What is the last date for applying to the job?

Which countries are accepted for this remote job?