Detections Engineer

Detections Engineer

Shift5 is redefining the future of onboard operational technology (OT). As a fast-growing scale-up, we specialize in cutting-edge cybersecurity, predictive maintenance, and compliance for OT systems across defense, aerospace, and rail. We are a team of passionate, innovative professionals who thrive in a collaborative environment, driven by a shared mission to revolutionize how fleets operate. By unlocking and democratizing the vast potential of onboard OT data, we help our customers' fleets run smarter, safer, and more efficiently. Ready to be part of the next frontier in transportation and critical infrastructure? Come join us.

Shift5 is seeking a highly motivated and collaborative Detection Engineer to join our growing Research team. In this role your primary goal will be to understand exactly how cyber threat actors could attack operational technology (OT) systems (particularly serial data networks and embedded OT devices) then work across technology teams to help us build cyber intrusion detection and prevention methodologies. More generally, you will also be responsible for identifying and developing ways to detect anomalies in these systems. You will assess and emulate a wide variety of attacks ranging in sophistication and translate the techniques used into technical detections that can be built into the Shift5 product. You will also work closely with our vulnerability researchers and cyber intel analyst to understand how malicious actors are operating today as well as predict future threats, then translate those threats into actionable technical specifics to support intrusion detection.

This position reports to Manager, Detections on the Research team and supports the larger Shift5 technology organization. You will work with a team of Detection Engineers to understand the attack surfaces, vectors, and effects on weapons systems and transportation fleet assets. You will become familiar with how these platforms operate and will be responsible for developing ways to detect anomalies in them. You will identify threats to serial protocols and embedded systems and describe them in code. You'll also work closely with our software developers, data analysts, and customers to develop better defenses by helping to develop attack signatures and recommend product features. You will assist with developing frameworks and testbeds that allow us to ensure the efficacy of our detections. This position plays a crucial role in helping Shift5 defend critical national infrastructure, weapons platforms, and logistics by thinking like a malicious attacker.

At Shift5, a rapidly expanding cybersecurity and operational technology firm, we excel in data collection, translation, transformation, and distillation. Our mission extends beyond providing advanced cyber defense; we are dedicated to enhancing mission readiness and preventative maintenance for a wide array of operational systems. Our expertise lies in safeguarding planes, trains, and tanks not just from cyber threats but also in ensuring their optimal functionality and reliability. Our approach to cybersecurity is intertwined with a commitment to maintaining the operational integrity of these systems. Our engineering team plays a central role in this mission. We are devoted to empowering our clients' fleets to operate more intelligently and safely, utilizing the wealth of data available at their fingertips. Join us on this vital and thrilling journey towards a more secure and efficient future.

In this role you will be expected to:

• Work with hardware, software, field, and research engineers
• Develop software modules for Shift5 products designed to detect anomalies in OT systems and serial networks. You will primarily write software in C++/Rust/Golang/Python for detection modules, testbeds, and tools you develop.
• Work with cross-functional teams to build out robust and performant capabilities related to our product's ability to perform real-time detection and prevention.
• Work with QA and Test Engineers ensuring end to end testing of team's detection modules and algorithms.
• Distinguish between anomalous and benign traffic within large repositories of serial bus data.
• Perform investigations of real-world customer anomalies in order to determine root cause, enhance detections, or inform the development of new detections.
• Design and deliver technical training, usage guides, and operational best practices to enable customers to effectively interpret and triage detection observations, and optimize software configurations for accurate identification of cybersecurity and maintenance issues.
• Effectively communicate technical information about cyber threats to both technical and non-technical audiences.
• Contribute to fundamental frameworks that describe types of threats to OT systems and provide a common language to share information about identified threats.
• Read technical documentation such as specifications, technical standards, and interface control documents to understand the data we are analyzing.
• Document your work for technical and non-technical audiences. This includes engineering documentation, technical reports, and presentations.
• Collaborate with vulnerability researchers to develop detection methodologies for novel attacks against OT systems leveraging a wide range of exploitation techniques.
• Be ready to learn and be flexible. You'll be engaged in a wide variety of work in support Shift5 priorities, which often change in a growing company
• Work from Shift5 HQ 2-3 days a week, and occasionally travel <10%.

We're looking for someone who is/has:

• BS or MS in Computer Science, Electrical Engineering, Computer Engineering, or equivalent
• Experience in intrusion detection
• Proficiency in software engineering principles using C/C++, Rust, Golang, and Python.
• Experience with DevOps tools (git, github actions, cargo package manager, Linux operating systems, docker/kubernetes, , etc.)
• Experience in embedded systems
• Experience analyzing, characterizing and decoding serial data busses
• Experience with developing or testing multi-layered protocol parser logic
• Experience in cyber security concepts or fields
• Experience in test driven development methodologies and practices
• Ability to efficiently multitask and accommodate evolving priorities on demand
• A US Government Security Clearance
• Preferred: Familiarity with serial and embedded protocols such as MIL-STD-1553, ARINC 429, CAN, etc.
• Preferred: Protocol or firmware reverse engineering experience preferred.
• Preferred: Penetration testing or red teaming experience preferred.
• Preferred: Experience developing AI/ML models and algorithms for anomaly detection.

Compensation & Benefits:

• Base Salary: $100,000-$175,000
• Bonus program and equity in a fast-growing startup
• Competitive medical, dental, and vision coverage for employees and their families
• Health Savings Account with annual employer contributions
• Employer-paid Life and Disability Insurance
• Uncapped paid time off policy
• Flexible work & remote work policy
• Tax-deferred public transit benefits with Metro SmartBenefits (DC/MD/VA)

We are committed to building an inclusive culture of belonging that embraces the diversity of our people and represents the communities in which we work and the customers we serve. We know the happiest and highest performing teams include people with diverse perspectives and ways of solving problems. We strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work.

Shift5 is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.