CSOC Engineer - Threat Detection

<div class="content-intro"><p>Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including GitHub, Yelp, Paramount, and JetBlue.</p> <p>We're building a more trustworthy Internet. Come join us.</p></div><h2><strong>CSOC - Engineer - Threat Detection - Pune</strong></h2> <p>Fastly is seeking a Threat Detection Engineer to join our Customer Security Operations Centre (CSOC) to bridge the gap between reactive monitoring and proactive defense. In this specialized role, you will move beyond standard incident response to focus on advanced threat hunting, behavioral analysis, and the engineering of sophisticated detection logic. You will serve as a critical resource for our highest-profile enterprise customers, identifying complex vulnerabilities before they are exploited and building the custom mitigations necessary to stop internet-scale, automated attacks.</p> <h2>What you’ll do: </h2> <ul> <li> <p>Proactive Threat Hunting: Execute a “shift-left” security strategy by identifying weaknesses and emerging threat patterns through deep-dive data analysis before they escalate into active incidents.</p> </li> <li> <p>Sophisticated Mitigation Strategy: Using the data from the threat hunting to develop and deploy advanced defensive measures to help customers mitigate complex and advanced threats before they become an issue.</p> </li> <li> <p>Advanced Detection Engineering: Design and implement high-logic countermeasures, including custom VCL (Varnish Configuration Language) for uniqueness tracking, and complex behavioral fingerprinting.</p> </li> <li> <p>Cross-Functional Data Investigation: Work alongside other teams within Fastly to conduct forensic-level analysis on disparate and external datasets to reconstruct sophisticated attack narratives, such as Account Takeover (ATO) attempts involving advanced spoofing and IP rotation.</p> </li> <li> <p>High-Impact Incident SME: Act as the primary technical authority during large-scale security events, providing dedicated, multi-hour analysis and custom rule-building for specific customers during emergencies.</p> </li> </ul> <h2>What we are looking for : </h2> <ul> <li> <p>Web Security Expertise: Comprehensive understanding of the OWASP Top 10 and advanced attack vectors (e.g., Credential Stuffing, API Abuse, and Layer 7 DDoS). You can interpret raw payloads to distinguish between malicious intent and legitimate traffic.</p> </li> <li> <p>Protocol Proficiency: Deep technical knowledge of the internet stack, specifically HTTP/S, TCP/IP, DNS, and TLS. You should be comfortable analyzing handshake processes, header structures, and status codes.</p> </li> <li> <p>Analytical Rigor: A methodical approach to digital forensics and incident response. You possess the ability to build and analyse complex data sets and identify disparate data points within JSON or CSV logs to reconstruct an attack narrative.</p> </li> <li> <p>Communication Excellence: The ability to distill complex technical findings into concise, professional, and empathetic communications for both technical and non-technical audiences both internally and customer-facing.</p> </li> </ul> <h2>We’ll be super impressed if you have experience in any of these: </h2> <ul> <li> <p>Proficiency in Python or R for log parsing and workflow automation.</p> </li> <li> <p>Experience with Infrastructure as Code/Security as Code(SaC) (Terraform) or other edge-based configurations.</p> </li> <li> <p>Industry-standard certifications such as CompTIA CySA+, GCIH, or Security+.</p> </li> </ul> <p> ... (truncated, view full listing at source)