Cyber Defense- Detection Engineer

Zoetis, Malvern, AL (Hybrid)

About The Position

Zoetis is seeking a Cyber Defense Engineer (Manager) who will lead hands-on detection engineering and SOC operations to rapidly identify, contain, and resolve security threats. This role focuses on complex investigations, building and maintaining high-quality detections, automating response playbooks, and leading proactive threat hunting. The ideal candidate is a practitioner who blends engineering rigor with operational excellence, comfortable scripting and integrating tools to create a cohesive, automated defense ecosystem. They will partner closely with cross-functional teams to improve signal fidelity, reduce false positives, shorten time to detect and respond, and continuously uplift our detection coverage aligned to MITRE ATT&CK.

Requirements

  • 2+ years of direct hands-on experience in IT support automation using APIs and Python.
  • 5+ years direct hands-on experience in a security operations role with an emphasis on incident response and automation.
  • Experience in hypothesis-driven threat hunting, alert triage, and investigations using SIEM/EDR/NDR telemetry and cloud logs; understanding of core forensics concepts (host, network, identity).
  • Some hands-on experience helping design, implement, and tune security controls (e.g., hardening baselines, logging/telemetry standards, segmentation, access controls, compensating controls) in regulated and hybrid environments.
  • Working knowledge of security logging pipelines, normalization/enrichment, and data quality concepts to support detection, hunting, and response.
  • Experience supporting automation and standardization efforts (SOAR, scripting, workflows); able to follow and help create playbooks/runbooks to reduce MTTR and operational toil.
  • Exposure to analytics techniques that improve detection and response (e.g., reducing false positives, basic anomaly identification, prioritization) with focus on practical, usable outcomes.
  • Experience with modern security platforms (SIEM, SOAR, EDR, network/email security); experience assisting with SIEM/SOAR content, integrations, or use-case development.
  • Experience participating in incident response activities: following playbooks, documenting actions, escalating appropriately, and contributing to post-incident improvements.
  • Working knowledge of administering and securing enterprise platforms (Windows Server and/or Linux/UNIX); familiarity with common enterprise architecture patterns and operational constraints.
  • Ability to communicate security findings and risk clearly to technical and non-technical audiences; collaborative approach with stakeholders.
  • Strong execution skills with the ability to manage multiple tasks, operate in a fast-paced environment, and contribute hands-on to troubleshooting and implementation with guidance.
  • Contribute to building and maintaining SOPs, playbooks, and automation-first processes; help standardize repeatable workflows.
  • Assist with defining and tracking SOC metrics/KPIs (e.g., detection coverage, alert quality, MTTD/MTTR, containment effectiveness) and help identify improvement opportunities.
  • Support the delivery and maintenance of security tooling and detection/response capabilities (implement changes, tune detections, perform health checks) under senior guidance.
  • Eager to learn from others and share knowledge with peers (without formal people-management expectations).
  • Collaborate with risk/strategy and business partners to understand priorities and regulated requirements and help align day-to-day work to those needs.

Responsibilities

  • Build, maintain, and tune detections in our SIEM and EDR aligned to MITRE ATT&CK.
  • Design, develop, and maintain incident response playbooks, integrations, and automations to orchestrate response efforts and evidence collection.
  • Lead hypothesis-driven threat hunting using telemetry from endpoints, identity, network, and cloud to uncover unknown threats.
  • Own telemetry onboarding, data quality, and normalization, ensuring reliable parsing, enrichment, context mapping, and coverage across priority data sources.
  • Conduct detection QA and continuous tuning to reduce false positives, improve precision, and accelerate analyst decision-making.
  • Partner with Red Team and IR on purple-team exercises to validate detections, close gaps, and document improvements post-incident.
  • Participate in incident response as a hands-on responder, focusing on rapid containment and translating lessons learned into new and improved detections and playbooks.
  • Create and track metrics for detection coverage, fidelity, alert volumes, MTTA, and MTTR, using these insights to guide backlog and roadmap priorities.
  • Collaborate with IT and platform owners to enable the logging controls and data pipelines required for high-quality detections while minimizing operational friction.
  • Provide mentorship and day-to-day guidance to analysts on detection logic, triage techniques, hunting methodologies, and automation usage.
  • Stay current on evolving threats and platform capabilities, and proactively introduce new detections, hunting approaches, and automation techniques.