Purple Teamer Detection Engineer

🌍 Remote, USA 🚀 Full-time 🕐 Posted Recently

Job Description

Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts
No one "mastermind"
No "cult of personality"
Competitive compensation and benefits
Healthy work-life balance
Project-based engagements that play to the team's strengths

Location: Remote

Project-Based
Develop and tune detection rules across SIEM, EDR, and other telemetry sources based on relevant and emerging threats.
Build and maintain detection-as-code pipelines (e.g., Sigma, Splunk, KQL, YARA).
Correlate threat intelligence with internal telemetry to enrich detection logic.
Create detailed runbooks for adversary emulation and control validation using tools like Atomic Red Team, Caldera, or SCYTHE.
Collaborate with the red team to simulate relevant and emergent threat actor TTPs.
Utilize frameworks such as MITRE ATT&CK and D3FEND to assess and track detection coverage.
Prepare clear and concise situation reports and activity summaries for both customers and senior leadership.
Develop and deliver walkthroughs, proof-of-concept (PoC) demonstrations, technical articles, and formal presentations.
Research and Development (R&D)
Attend and/or present at professional conferences, industry events, or internal brown-bag sessions.
Contribute to the development of:
* Novel defensive tactics, techniques, and procedures (TTPs).
Custom applications, utilities, and automation scripts.
Threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs.
Digital forensics and incident response (DFIR) tools, techniques, and methodologies.

Experience with Splunk and/or the Elastic Stack (Elasticsearch, Kibana, Logstash).
Familiarity with building, modifying, or deploying open-source security tools.
Experience with cloud environments and cloud-native telemetry (AWS, Azure, GCP) is a plus.
Prior involvement in Purple Team engagements, adversary emulation exercises, or red team collaboration.

Proficiency in scripting languages such as Python, Bash, and/or PowerShell.
Experience with at least one object-oriented programming language (e.g., Python, Ruby, Java).
Experience ingesting, parsing, and analyzing logs from diverse sources (e.g., OS, EDR, network, cloud).
Hands-on experience with one or more SIEM platforms (e.g., Splunk, ArcSight, LogRhythm, AlienVault).
Proficiency in detection query languages (e.g., Splunk SPL, KQL, Elastic DSL).
Familiarity with threat emulation and adversary simulation tools (e.g., ATT&CK Navigator, Atomic Red Team, PurpleSharp, AttackIQ, Prelude, SCYTHE).
Strong foundational knowledge of Windows, Unix, TCP/IP, IDS/IPS technologies, and web filtering controls.
U.S. citizenship required (must be willing to undergo federal, state, and local background checks).
Demonstrated ability to:
Maintain the highest standards of honesty, ethics, and technical integrity.
Think critically and analytically about complex cyber risk and threat scenarios.
Build and communicate threat models and risk assessments effectively.
Apply cybersecurity frameworks and best practices (e.g., MITRE ATT&CK, NIST 800-61).
Demonstrate a working understanding of regulatory frameworks such as HIPAA, PCI-DSS, and GLBA.

Apply tot his job

Apply To this Job