CSOC Engineer - Threat Detection

🇮🇳Fastly

Pune, India
Full Time, Mid-level

Job Description

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including GitHub, Yelp, Paramount, and JetBlue.

We're building a more trustworthy Internet. Come join us.

CSOC - Engineer - Threat Detection - Pune

Fastly is seeking a Threat Detection Engineer to join our Customer Security Operations Centre (CSOC) to bridge the gap between reactive monitoring and proactive defense. In this specialized role, you will move beyond standard incident response to focus on advanced threat hunting, behavioral analysis, and the engineering of sophisticated detection logic. You will serve as a critical resource for our highest-profile enterprise customers, identifying complex vulnerabilities before they are exploited and building the custom mitigations necessary to stop internet-scale, automated attacks.

What you’ll do:

Proactive Threat Hunting: Execute a “shift-left” security strategy by identifying weaknesses and emerging threat patterns through deep-dive data analysis before they escalate into active incidents.

Sophisticated Mitigation Strategy: Use the data from threat hunting to develop and deploy advanced defensive measures that help customers mitigate complex and advanced threats before they become an issue.

Advanced Detection Engineering: Design and implement high-logic countermeasures, including custom VCL (Varnish Configuration Language) for uniqueness tracking, and complex behavioral fingerprinting.

Cross-Functional Data Investigation: Work alongside other teams within Fastly to conduct forensic-level analysis on disparate and external datasets to reconstruct sophisticated attack narratives, such as Account Takeover (ATO) attempts involving advanced spoofing and IP rotation.

High-Impact Incident SME: Act as the primary technical authority during large-scale security events, providing dedicated, multi-hour analysis and custom rule-building for specific customers during emergencies.

What we are looking for:

Web Security Expertise: Comprehensive understanding of the OWASP Top 10 and advanced attack vectors (e.g., Credential Stuffing, API Abuse, and Layer 7 DDoS). You can interpret raw payloads to distinguish between malicious intent and legitimate traffic.

Protocol Proficiency: Deep technical knowledge of the internet stack, specifically HTTP/S, TCP/IP, DNS, and TLS. Yo

Required Skills

Rust, Scala, R, React, Git, Agile