Job Description

Position Overview

• Location Type: Hybrid
• Employment Type: Full-time
• Salary: Not specified

Blackstone is the world’s largest alternative asset manager. They seek to create positive economic impact and long-term value for investors, portfolio companies, and communities. They manage $1.1 trillion in assets across various investment vehicles. More information is available at www.blackstone.com.

Business Unit Overview

Blackstone Technology & Innovations (BXTI) is the technology team supporting Blackstone’s businesses and new growth initiatives. They build the next generation of systems for risk management, efficiency, and transparency. BXTI is described as nimble, entrepreneurial, and focused on problem-solving and development.

The Role

The Alert, Detection, and Response Engineer in the Cybersecurity Operations team is crucial for maintaining a leading edge in security detection and response. They are a core member of the SOC strategy, specializing in escalated incident response, advanced detection engineering, and enhancing the Blue Team’s capabilities. The ideal candidate will have hands-on experience investigating security incidents using various platforms and developing custom detections to address evolving threats. They will collaborate across the cybersecurity organization to develop bespoke detections and response playbooks.

Responsibilities

• Develop Advanced Threat Detection: Create mechanisms to identify and raise alerts for adversarial or high-risk behaviors within the company’s systems.
• Incident Response: Act as a senior incident responder, leading complex investigations and managing incidents from detection to resolution.
• Detection Portfolio Improvement: Continuously improve and fine-tune the detection portfolio to adapt to new and emerging cyber threats.
• Red/Purple Team Collaboration: Represent the Blue Team in Red and Purple Team efforts to design and build detections.
• Escalation Support: Provide exceptional Tier 1-3 escalation support, including analysis, investigations, and engineering.
• Investigation Monitoring: Supervise and monitor the quality of security operations investigations.
• Reporting and Analysis: Provide reporting and analysis on investigations and trends.
• Security Engineering Collaboration: Work with the security engineering team to identify trends in detections and investigations to inform the engineering process.
• Mentoring and Training: Coach and train junior team members on detection and investigation techniques.

Qualifications

• 6+ years in a hands-on technical role in information security.
• Experience with cloud-native architectures (e.g., AWS, Azure, Office 365).
• Proven experience running investigations and managing incidents using security event detection platforms (e.g., Splunk), SIEM platforms, and EDR (e.g., CrowdStrike).