Black Lantern Security is a Services Oriented Company
• Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts
• No one "mastermind"
• No "cult of personality"
• Competitive compensation and benefits
• Healthy work-life balance
• Project-based engagements that play to the team's strengths
Purple Teamer Detection Engineer
Location: Remote
Responsibilities:
• Project-Based
  • Develop and tune detection rules across SIEM, EDR, and other telemetry sources based on relevant and emerging threats.
  • Build and maintain detection-as-code pipelines (e.g., Sigma, Splunk, KQL, YARA).
  • Correlate threat intelligence with internal telemetry to enrich detection logic.
  • Create detailed runbooks for adversary emulation and control validation using tools like Atomic Red Team, Caldera, or SCYTHE.
  • Collaborate with the red team to simulate relevant and emergent threat actor TTPs.
  • Utilize frameworks such as MITRE ATT&CK and D3FEND to assess and track detection coverage.
  • Prepare clear and concise situation reports and activity summaries for both customers and senior leadership.
  • Develop and deliver walkthroughs, proof-of-concept (PoC) demonstrations, technical articles, and formal presentations.
• Research and Development (R&D)
  • Attend and/or present at professional conferences, industry events, or internal brown-bag sessions.
  • Contribute to the development of:
    • Novel defensive tactics, techniques, and procedures (TTPs).
    • Custom applications, utilities, and automation scripts.
    • Threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs.
    • Digital forensics and incident response (DFIR) tools, techniques, and methodologies.
Preferences:
• Experience with Splunk and/or the Elastic Stack (Elasticsearch, Kibana, Logstash).
• Familiarity with building, modifying, or deploying open-source security tools.
• Experience with cloud environments and cloud-native telemetry (AWS, Azure, GCP) is a plus.
• Prior involvement in Purple Team engagements, adversary emulation exercises, or red team collaboration.
Requirements:
• Proficiency in scripting languages such as Python, Bash, and/or PowerShell.
• Experience with at least one object-oriented programming language (e.g., Python, Ruby, Java).
• Experience ingesting, parsing, and analyzing logs from diverse sources (e.g., OS, EDR, network, cloud).
• Hands-on experience with one or more SIEM platforms (e.g., Splunk, ArcSight, LogRhythm, AlienVault).
• Proficiency in detection query languages (e.g., Splunk SPL, KQL, Elastic DSL).
• Familiarity with threat emulation and adversary simulation tools (e.g., ATT&CK Navigator, Atomic Red Team, PurpleSharp, AttackIQ, Prelude, SCYTHE).
• Strong foundational knowledge of Windows, Unix, TCP/IP, IDS/IPS technologies, and web filtering controls.
• U.S. citizenship required (must be willing to undergo federal, state, and local background checks).
• Demonstrated ability to:
  • Maintain the highest standards of honesty, ethics, and technical integrity.
  • Think critically and analytically about complex cyber risk and threat scenarios.
  • Build and communicate threat models and risk assessments effectively.
  • Apply cybersecurity frameworks and best practices (e.g., MITRE ATT&CK, NIST 800-61).
  • Demonstrate a working understanding of regulatory frameworks such as HIPAA, PCI-DSS, and GLBA.