CSOC Engineer Threat Detection Specialist

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including GitHub, Yelp, Paramount, and JetBlue. We're building a more trustworthy Internet. Come join us. CSOC Engineer - Threat Detection Specialist Leveraging our growing security product suite, CSOC Engineers contribute real world security insights to Fastly and our customers as we address Internet-scale threats. CSOC Engineers function as the primary escalation point for SOC Analysts in a globally distributed team. A core responsibility and key performance metric for this role is the effective training and mentoring of our SOC analysts, reducing escalations to the Senior CSOC-engineering level so you can focus on process improvements, data analysis, and security tooling to continue advancing our products, services, and capabilities. The CSOC team works with our internal platform security and security research, engineering and development teams as well operations and customer organisations internally to deliver support solutions for security threats faced on the Internet today. What You'll Do: You will be responsible for escalations around monitoring and analysing customer activity, like identifying layer 3/4 DDoS attacks, account-takeover, bot attacks and other malicious web traffic. In addition, as part of CSOC engineering, you will be involved in designing, building and supporting tooling for our analysts. You will have the opportunity to work on some of the world’s most scalable distributed systems,, as well as working with the world-class engineers who developed these systems. Experience configuring traffic policing, shaping to throttle malicious traffic Identify and mitigate UDP Floods, ICMP Floods, and Reflection/Amplification attacks Identify and mitigate TCP SYN Floods, ACK Floods, RST Floods, and TCP state exhaustion attacks Requirements gathering and development of Security Monitoring Systems and troubleshooting tools Be an expert in ensuring security for customers, providing an outstanding response to security issues Provide deep application-security experience on escalated cases from customers automated systems. Carry out continuous-improvement work research to drive our customer security products operations to be the best they can be. Contribute to the processes and policies that scale our organisation as we grow Create, test, and deploy security content (e.g. WAF rules) in response to CVEs and other emerging threats Provide guidance, mentoring, and training for new Security and Customer Support Engineers Create review reporting for customers on security services Troubleshoot and resolve issues related to Kubernetes deployments and management Provide support for next-generation web application firewalls, including troubleshooting and performance optimization Actively participate in sprint planning, deliver committed tasks on time with quality code, collaborate with team members, communicate blockers, and contribute to continuous improvement. Manage CSOC tool-related escalations and troubleshooting What We're Looking For: Understanding stateless communication, fragmentation, and amplification vectors (DNS, NTP, CLDAP, SSDP) Strong knowledge of BGP (Border Gateway Protocol) Proficiency with IPv4/IPv6 addressing, subnetting, ICMP types/codes, and GRE tunneling. Strong infosec background with strong knowledge practical skills in application security Strong knowledge of core internet-technologies like DNS, HTTP TLS and how to debug with common tools Some software developmen ... (truncated, view full listing at source)