• Review the latest threats targeting Bolster's customers and prospects. • Analyse online content across multiple platforms including web, social media, apps stores, website building platforms, etc. • Train Bolster's AI engine with based on the latest threats. • Investigate online activity and infrastructure to determine the fraud source. • Engage with hosting providers, registrars, registries, etc. to shutdown online threats. • Track ongoing enforcement efforts and content change. • Provide support and written responses to customer queries and requests via tickets. • Support sales and customer success teams with threat intelligence for customers and prospects • Generate monthly and ad-hoc reports summarizing metrics and trends targeting customers and prospects. • Respond to security alerts to support issue resolution and minimize the impact of security events. • Research security issues and work with internal teams to find and track resolution. • Help manage and improve the issue-tracking process. • Create and enhance operational metrics to ensure the security programs are effective.

• Actively monitor and respond to cybersecurity incidents related to alerted policy violations • Analyze and investigate incidents to determine their nature and scope. • Coordinate with the lead and other Cybersecurity Incident Response Teams for effective incident resolution. • Document incidents and response activities in detail. • Stay updated with the latest cybersecurity threats and trends. • Assist in developing and refining incident response strategies and procedures. • Collaborate with operations teams, legal, human resources and management to investigate security issues and interview investigation subjects to determine true and false positives.

• Act as the final escalation point for complex incidents originating from L1/L2 analysis. • Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments. • Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions. • Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains. • Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency. • Build and maintain automation scripts (Python, Go, etc.) for alert enrichment, evidence collection, and containment. • Integrate security platforms via APIs to enable streamlined, automated detection and response workflows. • Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation. • Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies. • Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint. • Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence. • Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability. • Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks. • Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are looking for a Detection Engineering - SkillBridge Intern to join our Red Canary Customer Service Operations team. This is a remote role reporting to the Manager, Detection Engineering. The security landscape is always shifting and introducing new adversaries. Red Canary operates 24/7 to track down threats using the entirety of our customer’s data and deliver fast and practical detections to our customers. Together, we create a customer-centric culture that fosters success, adoption, and continuous growth. What you’ll do (Role Expectations) - Use Red Canary’s detection platform to analyze EDR telemetry, alerts, and log sources across several detection domains including Endpoint, Identity, SIEM, and Cloud/SaaS. - Publish threats for customers using concisely-written communication while effectively conveying key and important indicators. - Research coverage opportunities to create new detectors and tune existing ones through detector development. - Improve the Detection Engineering workflow through orchestration and automation. Qualifications - Cybersecurity operational experience with a focus in Detection and Response. - Must be located in the United States during the SkillBridge program. - Must be a current Active Duty United States military member or a member of the United States Guard/Reserve component on active duty orders for at least the last 180 days with 180 days or fewer remaining prior to your date of discharge. - Approval from your unit commander. - MOU must be approved and submitted before start. Requirements - Experience with EDR tools. - Experience conducting Incident Response activities. - Malware/Threat Analysis and Detection Engineering experience. Benefits - Various health plans - Time off plans for vacation and sick time - Parental leave options - Retirement options - Education reimbursement - In-office perks, and more!