eDiscovery Operations Analyst (Remote)
CrowdstrikeSalary not specified
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, Operational Technology, Industrial Control SystemsIndustries
Requirements
- 4 years in a production software development environment, with 2 years of experience with Python development
- 6+ years in cyber security related field; operations, threat hunting, detection development, offensive operations, threat emulation, security research, or security tool development
- Experience with analysis of network packet captures (PCAPs) and traffic using tools such as Wireshark and Network Miner
- High level of experience using Suricata, Wireshark/tshark for network packet capture (PCAPs) analysis, and SIEM tools
- Familiarity with containerized solutions for debugging
- A solid understanding of both Linux and Windows command line tools for debugging
- A strong ability to conduct open-source research
- Experienced with git (or other software version control solutions)
- ICS/OT knowledge and experience
- Experience developing in Rust or applying AI/ML techniques in production environments is a plus
- Familiarity with building data pipelines using Python and cloud platforms (AWS, GCP, or Azure), along with SQL, data normalization, and data warehousing experience is beneficial
- Exposure to OT technologies, such as PLC programming or HMI configuration, is nice to have
- Knowledge of tools like Zeek or Yara for threat detection or network analysis is helpful
- Experience with the ELK stack (Elasticsearch, Logstash, Kibana) for log and event analysis is a plus
Responsibilities
- Participate in efforts for discovering and cataloging OT assets using advanced detection methodologies
- Work in tandem with reverse engineers to decipher proprietary protocols and uncover asset attributes using vendor documentation and protocol specifications
- Partner with developers to integrate findings into Dragos’s threat detection and response platform
- Contribute to the creation of detection logic and rules for real-time threat monitoring of atomic operations
- Troubleshoot and fix both internal engine configurations and Python analytics used for asset identification and atomic operations
- Develop and document team CI/CD and testing standards, authoring unit, integration, and end-to-end tests to verify characterizations and detections are working as expected
- Collect PCAPs using OSINT, generate PCAPs utilizing test range, or craft PCAPs utilizing software to use in both detection development and regression testing
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
Is this a remote position?
Dragos has a remote-first culture with operations in North America, Europe, the Middle East, and APAC.
What are the key qualifications for this role?
Candidates need 4 years in production software development with 2 years in Python, 6+ years in cybersecurity fields like threat hunting or detection development, experience analyzing PCAPs with Wireshark and Network Miner, high proficiency with Suricata, Wireshark/tshark, and SIEM tools, plus familiarity with containerized solutions and Linux/Windows command line tools.
What is the company culture like at Dragos?
Dragos fosters a remote-first culture and seeks mission-oriented teammates who embody core values of authenticity, transparency, and trust.
What salary or compensation does this role offer?
This information is not specified in the job description.
What makes a strong candidate for this Staff Analytics Engineer role?
A strong candidate has substantial Python development experience in production environments, deep cybersecurity background in areas like threat detection and PCAP analysis, and hands-on skills with tools like Suricata, Wireshark, and SIEM systems, along with the ability to collaborate with reverse engineers and developers.
Dragos
Cybersecurity for industrial control systems
About Dragos
Dragos specializes in cybersecurity for industrial control systems (ICS) and operational technology (OT) environments, which are essential for industries like manufacturing, energy, and transportation. Their main product, the Dragos Platform, allows organizations to visualize their network, detect threats, and respond effectively to cyberattacks. This platform is particularly important because many ICS and OT systems are outdated and vulnerable to attacks that could impact public safety and economic stability. Dragos differentiates itself by focusing specifically on the unique needs of these industrial sectors, providing both a comprehensive platform and consulting services to help clients enhance their cybersecurity strategies. The company's goal is to protect critical industrial assets from cyber threats, ensuring the safety and reliability of essential services across various industries.
Glen Burnie, MarylandHeadquarters
2016Year Founded
$420.4MTotal Funding
SERIES_DCompany Stage
Consulting, Industrial & Manufacturing, CybersecurityIndustries
501-1,000Employees
Benefits
Medical, dental, vision, disability, & life insurance
401k with match
Equity
Competitive compensation
Remote working options
Pet-friendly options
In-house brewery
Risks
Emerging OT cybersecurity firms may erode Dragos' market share.
Rapid evolution of ransomware tactics may outpace Dragos' detection capabilities.
Integration of new acquisitions may face operational challenges.
Differentiation
Dragos specializes in cybersecurity for industrial control systems and operational technology environments.
The Dragos Platform offers comprehensive visibility, threat detection, and rapid response tools.
Dragos provides consulting services to enhance strategic cybersecurity roadmaps for organizations.
Upsides
Rising ransomware attacks increase demand for Dragos' OT cybersecurity solutions.
Strategic partnerships enhance Dragos' service offerings and customer trust.
Acquisition of Network Perception strengthens Dragos' platform capabilities.
Related Jobs
RemoteRemoteDetections Engineer
Shift5Salary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteRevenue Insights Analyst
AppspaceSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior/ Staff Security Engineer, Detection and Response
Grow Therapy$168,000 - $220,000/year
- Full Time
- Senior (5 to 8 years)
RemoteSenior Applied Machine Learning Engineer - Asset Intelligence
MaintainXSalary not specified
RemoteSenior Data Scientist, Advanced Analytics
TRM LabsSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)