Join Snap Inc.'s Detection and Response (D&R) team as a Security Engineer. In this role, you will be at the forefront of engineering innovative security solutions, building and deploying robust systems to protect our digital infrastructure and investigating any suspicious activity on our networks as an incident responder. You'll work from our Sydney office in collaboration with global teams in the US and Switzerland, embracing an engineering mindset to effectively identify and neutralise threats across our production environments, corporate infrastructure, and internal tools. 

This is not your typical IR or analyst role, we spend large percentages of our time on project work, balancing this with our operational duties such as detection engineering and incident response. If you're ready to make a tangible impact and drive innovative security projects, apply now to join our global team and help shape the future of security at Snap Inc. ​​Key Responsibilities:

• Build, deploy and maintain large scale security systems across our ecosystem.
• Research, innovate and improve our security capabilities through new and enhanced tooling.
• Develop smart automation strategies to reduce the need for manual alert triage.
• Conduct detection engineering to increase coverage, identifying malicious activities across Snap Inc.'s endpoints, infrastructure, networks, and cloud environments.
• Investigate alerts and potential incidents end-to-end, including digital forensics, malware analysis and threat intelligence as needed.
• Lead incident response efforts and respond to intrusion attempts and suspicious activities, collaborating with multiple Snap Inc. teams.
• Participate in red team exercises and threat simulations in order to identify gaps, improve competencies and expand the team’s knowledge.

​​Knowledge, Skills & Abilities:

• Strong programming skills in Python and/or Go.
• Practical experience with BeyondCorp or ZeroTrust security models.
• Proven expertise in one or more detection and response related areas such as:
  • digital forensics (forensic artefacts, disk and cloud acquisition and analysis, forensic tooling e.g. GRR, Timesketch)
  • malware analysis (static and dynamic analysis, using tools like IDA Pro and Ghidra)
  • incident management and response (coordinating large scale or impactful security events with multiple stakeholders)
  • host/network intrusion detection (able to parse and understand large and often unfamiliar logs and systems)
  • network telemetry (understanding network flows, PCAPs and technologies like Zeek)
  • threat intelligence (have an understand of how to model a threat actor and their TTPs)
  • threat hunting (know how to find suspicious activity or IOCs across data lakes)
• Understanding of operating system internals, with a core competency in two or more of the following including file and disk structures, forensic process, security controls, hardening, scripting and binary investigations:
  • macOS
  • Windows
  • Linux
• Advanced knowledge of cloud infrastructure, including being able to build and deploy systems and investigate security events across two or more of the below:
  • Kubernetes
  • Google Cloud Platform
  • Amazon Web Services
• We welcome applications from candidates who feel they meet some, but not necessarily all, of the qualifications listed above. If you believe you have the potential to contribute to our team, we encourage you to apply.

Minimum Qualifications: 

• Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
• 3+ years of experience in the field of incident response, detection engineering or related security disciplines