Detection Engineer


about 2 years old

This job is no longer active

As the world’s leading provider of cloud-based software and technology solutions delivered by managed service providers (MSPs), Datto believes there is no limit to what small and medium businesses can achieve with the right technology. Datto offers Unified Continuity, Networking, and Business Management solutions and has created a one-of-a-kind ecosystem of MSP partners. These partners provide Datto solutions to over one million businesses across the globe. Since its founding in 2007, Datto continues to win awards each year for its rapid growth, product excellence, superior technical support, and for fostering an outstanding workplace. With headquarters in Norwalk, Connecticut, Datto has global offices in the United Kingdom, Netherlands, Denmark, Germany, Canada, Australia, China, and Singapore. Learn more at datto.com.

Datto, Inc. is seeking a detection engineer to research, build, and maintain high-confidence detection logic for Datto’s advanced endpoint monitoring products and services. Your role will include researching threats, malware and novel behavioral techniques and then applying that research to build or tune detection rules and analytics. Ultimately, your purpose will be to help ensure Datto and its 18,000+ partners are able to respond effectively to whatever cyber threats impact them and our shared customers.

Additional responsibilities and functions:

  • Analyze attacker TTPs and build countermeasures to detect and/or stop them using endpoint telemetry
  • Identify coverage gaps and areas for improving detection
  • Work with quality teams to create scenarios to test detection capabilities
  • Tune detection rules to reduce false positives and noise
  • Create automations and workflow improvements for SOC analysts to triage and respond to detected events
  • Serve as a technical resource for the security operations center (SOC) during active response efforts

Required Skills:

  • At least three years of experience in Endpoint Detection & Response (EDR) analysis and endpoint monitoring
  • At least one year of experience with developing detection, SIEM and/or EDR content (signatures, rules, etc.)
  • Knowledge of MITRE ATT&CK™ behavioral techniques and how to detect them
  • Knowledge of Windows, Linux and macOS operating system internals
  • Proficiency with regex and SQL-type query languages

Desired Skills:

  • Bachelor's degree or equivalent IT work experience
  • Prior experience in one or more areas: security operations, cyber threat hunting, Endpoint Detection and Response (EDR), detection signatures and analytics
  • Threat hunting & data analytics via tools like Elastic, Athena, or Redshift and SQL-like query languages
  • Experience with scripting and interpreter languages, particularly bash and PowerShell
  • Knowledge of offensive tools (e.g. Cobalt Strike, Mimikatz, Metasploit or PowerShell Empire)
  • Experience in endpoint incident response and forensics
  • One or more certifications: GCFA, GCFE, GREM, GNFA, or OSCP

Benefits:

At Datto, we’re committed to cultivating a healthy, positive and growth-enabling environment. We are proud of our wide-ranging benefits package, which is available to all full-time employees, including:
  • Comprehensive health-care benefits
  • Flexible paid time off policy
  • Generous paid parental leave
  • “Datto University” virtual on-boarding program
  • Access to more than 5,000 courses via LinkedIn Learning
  • Education reimbursement
  • Employee Assistance Program
  • Headspace App
  • Charity match program
  • A dynamic and socially active work culture, including Employee Resource Groups
  • Networking and career development opportunities
  • And more!

Note: We are looking only for candidates willing to join us directly as W2 employees (no 3rd-party candidates).

By submitting an application, you acknowledge we will process your data in order to consider you for the position you apply for and for other open positions within our company for which you may be suited. We collect and store your data in accordance with our Recruiting Privacy Practices.

Datto is an equal opportunity employer.