Cyber Operations Senior Detection Engineer

AstraZeneca, Gaithersburg, MD
$136,044 - $204,066, Hybrid

About The Position

The Senior Detection Engineer is a technical specialist within the Global Security Operations Centre (GSOC), based in Gaithersburg, Maryland, working with the Director, Cyber Security Detection Engineering. The role is characterized by leadership of detection content development initiatives that protect enterprise assets across cloud, on-premises, and OT/ICS environments. Responsibility is held for the design, implementation, and optimization of detection logic through which threats are identified, investigated, and mitigated with precision and efficiency.

Requirements

  • Bachelor's degree in information security, computer science, or related field (or equivalent experience).
  • At least five (5) years of experience in detection engineering, preferably within security operations centres or detection engineering teams; demonstrated success in leading detection initiatives and implementing innovative approaches at enterprise scale.
  • Deep hands-on experience with at least one major detection platform including advanced detection logic development, tuning, and validation; recognized internally as an expert in detection capabilities and standards.
  • Working experience with threat intelligence, adversary TTPs, and attack techniques across cloud, on-premises, and OT environments; familiarity with how threats evolve and how detection strategies must adapt.
  • Experience working in a global organisation with geographically dispersed teams and partners, including matrix working environments; ability to coordinate across time zones and cultural contexts.
  • At least five (5) years of experience collaborating with security operations teams, incident responders, and threat intelligence analysts to identify, document, and address detection requirements; proven ability to manage relationships and communications with third-party suppliers and vendors.
  • Experience delivering and managing large-scale detection engineering projects including planning, execution, and organizational change; ability to navigate dependencies across multiple teams and technical domains.
  • Recognized internally as an expert problem solver for complex detection challenges; track record of designing, shaping, and implementing innovative detection solutions that address emerging threats.
  • Ability to adapt communication style and interact confidently with diverse audiences, taking their differing perspectives into account in order to influence them.
  • Skilled in facilitating collaboration through open dialogue and information exchange.
  • Proactive engagement with teams for coaching and mentoring from both technical and behavioral standpoints; commitment to enabling skill-building and fostering a healthy ecosystem of knowledge sharing across detection engineering and security operations teams.
  • Deep expertise in detection logic design, threat modeling, and coverage mapping; extensive experience with detection development across diverse platforms and environments applied to enterprise-scale operations.
  • Comprehensive familiarity with MITRE ATT&CK, Cyber Kill Chain, and detection engineering methodologies; understanding of how adversary techniques manifest across different technology domains and how detection logic must be adapted accordingly.
  • Substantial hands-on experience with enterprise detection platforms including SIEM, EDR, NDR, and cloud-native security services; advanced proficiency in platform-specific query languages, rule formats, and detection logic development.
  • Working knowledge of how threat intelligence is consumed and turned into actionable detection logic. Understanding of indicator types, threat actor TTPs, and prioritization of detection based on intelligence.
  • Advanced proficiency in scripting languages such as Python, PowerShell, or similar for detection logic development and automation tasks; experience with detection-as-code practices and version control for detection content.
  • Extensive experience with standardized detection formats including Sigma rules, YARA signatures, and platform-specific query languages; ability to develop detection logic that is portable and maintainable across platforms.
  • Deep understanding of detection tuning, false positive reduction, and query optimization techniques; proven ability to balance detection sensitivity with operational efficiency.
  • Familiarity with operational technology environments and the unique constraints affecting detection in industrial settings; awareness of safety implications and availability requirements that influence detection approaches.
  • Experience working with offensive security teams to validate detection efficacy and identify coverage gaps; understanding of how adversary emulation informs detection improvement.

Responsibilities

  • Oversee detection engineering efforts across multiple projects spanning threat coverage, detection logic development, and efficacy validation; provide technical guidance to ensure that detection capabilities address the most significant threats across all technology domains.
  • Implement detection engineering frameworks to enhance the organization's defensive posture through improved threat coverage, reduced false positives, and accelerated threat identification; adopt and tailor industry guidelines for detection engineering to organizational requirements.
  • Design and optimize detection libraries to ensure comprehensive coverage of adversary tactics, techniques, and procedures as defined by frameworks such as MITRE ATT&CK; develop detection logic that balances sensitivity with operational efficiency.
  • Provide technical guidance on detection development operations, including coordination with external suppliers and platform vendors for comprehensive threat coverage; monitor detection performance, and flag and resolve issues in collaboration with the relevant stakeholders.
  • Proactively expand detection coverage through periodic assessments of threat landscape evolution, detection gaps, and emerging attack techniques; identify critical coverage deficiencies and drive resolution through systematic detection development.
  • Maintain engagement with security leadership to communicate emerging detection requirements driven by threat intelligence and incident findings; propose strategic action plans for addressing coverage gaps and enhancing detection capabilities.
  • Maintain and develop relationships with external partners, threat intelligence providers, and industry peers to identify innovative detection approaches and emerging techniques applicable to enterprise defense.
  • Support the definition of detection standards, development methodologies, and quality frameworks within the detection engineering domain; address critical detection failures through deep technical knowledge and systematic analysis.
  • Find opportunities to improve and enhance the performance of detection logic, reduce false positives, and improve threat identification accuracy; proactively pursue opportunities for detection automation and orchestration.
  • Identify and manage new detection engineering solutions including adoption of new detection techniques, behavioral analytics, and machine learning approaches; lead training and organizational change activities to ensure successful adoption.
  • Provide ongoing technical guidance and mentoring to detection engineering team members and security analysts regarding detection logic development, threat hunting techniques, and effective use of detection platforms.
  • Develop and maintain training and awareness materials regarding detection engineering practices, threat actor TTPs, and effective investigation methodologies; share knowledge to enable security operations teams to leverage detection capabilities effectively.

Benefits

  • qualified retirement program [401(k) plan]
  • paid vacation and holidays
  • paid leaves
  • health benefits including medical, prescription drug, dental, and vision coverage
© 2026 Teal Labs, Inc