Detection Engineering & Threat Hunting Lead

About Marvell

Marvell’s semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities. 

At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead. 

Your Team, Your Impact

Joining Marvell as Detection Engineering and Threat Hunt Lead, you will be a senior-level expert at identifying and responding to cyber threats against Marvell. The SOC is the central nervous system for the cybersecurity organization, a 24x7 service responsible for detection, assessing, and responding to security threats globally. In this role you will enable the SOC to excel. You will have a high degree of freedom to hunt for and investigate sophisticated threats, and to develop detection logic, response playbooks, and automation to accelerate Marvell's ability to respond to emerging threats.

What You Can Expect

• Keep a finger on the pulse of threat and actor trends; advise IT and business stakeholders when immediate action is justified; and adjust detection engineering priorities based on the current threat landscape.
• Identify and digest threat data from various open and closed sources, correlating it against environmental context and ATT&CK matrix to produce threat intelligence. Validate for actionable items, and communicate validated threats to SOC for appropriate action.
• Threat hunting and forensic analysis. You will devise hunt hypotheses, creatively find new and unusual threats, and will confirm the reach of threats identified by the front line.
• You will test existing detection logic for gaps and faulty assumptions, creatively identifying ways adversaries might evade detection, and then come up with solutions.
• Provide expert threat analysis support to CSIRT and Global SOC. Research actors and tactics, identify ways for SOC to detect and CSIRT to contain a threat in real-time. Research anomalies detected by SOC to assess whether threat or benign.
• Produce threat reports tailored to Marvell business and distributed to the relevant stakeholders throughout the company; in varying forms from real-time immediate action to in-depth periodic assessments of trends and future expectations.
• When required, provide real-time and expert threat investigation support to the global Cyber Security Incident Response Team.
• Collaborate with the SIEM and SOAR engineering teams as well as SOC to turn hunting hypotheses into production detection cases and response playbooks.

What We're Looking For

• 8+ years' experience in one or more security-relevant domains including 5+ years as a SOC Analyst, or a Network Analyst with security scope; preferably for a >5000 person enterprise.
• Experience in working with a geographically diverse team in multiple time zones around the globe
• Strong communication skills and an ability to adapt a message to audiences ranging from technology SMEs to company executives to stakeholders in every business discipline.
• Deep understanding of MITRE ATT&CK, with demonstrated experience building detection cases and playbooks around the tactics and techniques most relevant to your business.
• Proficient technical writing skills (documenting processes and procedures);
• Ability to solve problems and work through ambiguity and uncertainty;
• Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
• Proficiency with one or more SIEM query language
• Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
• Expert level and continually expanding understanding of common and emerging security threats and vulnerabilities
• Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast moving industry.
• Industry security certifications such as CISSP and relevant GIAC certifications or equivalent highly desirable.
• Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.
• Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.

#LI-JS22

Expected Base Pay Range (USD)

113,800 - 168,390, $ per annum

The successful candidate’s starting base pay will be determined based on job-related skills, experience, qualifications, work location and market conditions. The expected base pay range for this role may be modified based on market conditions.

Additional Compensation and Benefit Elements 

At Marvell, we offer a total compensation package with a base, bonus and equity.Health and financial wellbeing are part of the package. That means flexible time off, 401k, plus a year-end shutdown, floating holidays, paid time off to volunteer. Have a question about our benefits packages - health or financial? Ask your recruiter during the interview process.

This role is eligible for our hybrid work model in which you will be able to split time between working from home and on-site in a Marvell office.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Any applicant who requires a reasonable accommodation during the selection process should contact Marvell HR Helpdesk at [email protected].