Detection Engineer, Senior

Booz Allen Hamilton
USA, MD
$77,600 - $176,000

About The Position

The Opportunity: We’re looking for a self‑motivated, hands‑on self‑starter who thrives in environments where threat signals are noisy, adversaries evolve quickly, and high‑fidelity detections directly improve mission outcomes. In this role, you’ll design, build, test, and maintain production‑grade detections across diverse data sources—endpoint, network, identity, SaaS, and cloud—while applying Detection‑as‑Code (DaC) practices to ensure consistency, scalability, versioning, and automation. You’ll collaborate closely with incident responders, hunters, and platform engineers to map rules to MITRE ATT&CK, maintain coverage dashboards, and continuously iterate on fidelity and performance. This is a high‑impact engineering role where curiosity, ownership, and precision are essential. Join us. The world can’t wait.

Requirements

  • 5+ years of experience in a security engineering function, such as detection engineering, SOC analytics, or threat hunting
  • Experience contributing to shared rule and detection repositories
  • Experience authoring detections in two or more of the following: Sigma, YARA, Suricata, Splunk SPL, KQL, or SQL / DB‑SQL
  • Experience applying Detection‑as‑Code (DaC) best practices, such as Git workflows, pull requests, automated linting, CI pipelines, unit tests, and metadata enforcement
  • Experience with detection versioning, semantic versioning, changelogs, and ruleset lifecycle management
  • Experience building detections across multiple log sources and platforms, such as EDR / XDR, SIEM, cloud telemetry, and identity providers
  • Ability to map detections to MITRE ATT&CK techniques and communicate coverage effectively to stakeholders
  • Ability to communicate detection logic clearly, document rationale, and collaborate with SOC, IR, and engineering partners
  • Ability to obtain a Secret clearance
  • HS diploma or GED
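The DaC practices in the requirements above (Git-managed rules, automated linting, metadata enforcement, unit tests, semantic versioning, ATT&CK mapping) reduce in practice to a CI gate that every rule must pass before it is merged. What follows is an added example of such a gate, not code from this posting or from Booz Allen: it lints a Sigma-style rule for required metadata, a semver `version` field and an ATT&CK technique tag, then replays the rule over constructed process-creation events as a unit test. The rule, the sample events, the `version` field (an assumed repository convention, not a Sigma standard field) and the `dumptool.exe` allowlist entry are all constructed for illustration; the matcher implements only the Sigma modifiers it needs (`contains`, `all`, `endswith`) and conditions of the form `selection` or `selection and not filter`.

```python
"""Added example: a minimal Detection-as-Code CI gate for Sigma-style rules.
Lints rule metadata (UUID id, semver version, status, level, ATT&CK tag) and
replays the rule against constructed events as a unit test."""
import re
import uuid

# Constructed rule, written as the dict yaml.safe_load would return for a Sigma
# YAML file. 'version' is an assumed repo convention (Sigma itself only has
# date/modified), enforced here as MAJOR.MINOR.PATCH.
RULE = {
    "title": "LSASS Memory Dump via comsvcs.dll MiniDump",
    "id": "3f1c9a2e-7b4d-4c6e-9a1f-2d8e5b7c4a10",
    "version": "1.2.0",
    "status": "test",
    "level": "high",
    "logsource": {"category": "process_creation", "product": "windows"},
    "tags": ["attack.credential_access", "attack.t1003.001"],
    "detection": {
        "selection": {"CommandLine|contains|all": ["comsvcs", "MiniDump"]},
        # Assumed allowlist for an internal tool; constructed for the example.
        "filter": {"Image|endswith": "\\dumptool.exe"},
        "condition": "selection and not filter",
    },
}
# Same rule with two policy violations (non-semver version, no technique tag).
BAD_RULE = dict(RULE, version="1.2", tags=["attack.credential_access"])

REQUIRED = ("title", "id", "version", "status", "level", "logsource", "detection", "tags")
TECHNIQUE_TAG = re.compile(r"^attack\.t\d{4}(\.\d{3})?$")
SEMVER = re.compile(r"^\d+\.\d+\.\d+$")
STATUSES = {"stable", "test", "experimental", "deprecated", "unsupported"}
LEVELS = {"informational", "low", "medium", "high", "critical"}


def lint_metadata(rule):
    """Return a list of policy violations; an empty list means the rule passes."""
    errors = [f"missing required field: {f}" for f in REQUIRED if f not in rule]
    try:
        uuid.UUID(str(rule.get("id", "")))
    except ValueError:
        errors.append("id must be a UUID")
    if not SEMVER.match(str(rule.get("version", ""))):
        errors.append("version must be semantic (MAJOR.MINOR.PATCH)")
    if rule.get("status") not in STATUSES:
        errors.append("status must be one of " + ", ".join(sorted(STATUSES)))
    if rule.get("level") not in LEVELS:
        errors.append("level must be one of " + ", ".join(sorted(LEVELS)))
    if not any(TECHNIQUE_TAG.match(t) for t in rule.get("tags", [])):
        errors.append("tags must include an ATT&CK technique tag (attack.tNNNN[.NNN])")
    detection = rule.get("detection", {})
    for name in re.findall(r"[A-Za-z_]\w*", str(detection.get("condition", ""))):
        if name not in ("and", "or", "not") and name not in detection:
            errors.append(f"condition references undefined selection: {name}")
    return errors


def _field_matches(event, key, expected):
    """Evaluate one 'Field|modifier...' entry; case-insensitive, like Sigma."""
    field, *mods = key.split("|")
    if field not in event:          # absent field never matches
        return False
    value = str(event[field]).lower()
    candidates = expected if isinstance(expected, list) else [expected]

    def one(exp):
        exp = str(exp).lower()
        if "contains" in mods:
            return exp in value
        if "endswith" in mods:
            return value.endswith(exp)
        return value == exp

    results = [one(e) for e in candidates]
    return all(results) if "all" in mods else any(results)


def evaluate(rule, event):
    """Run the rule on one event. Supports 'X' and 'X and not Y' conditions."""
    detection = rule["detection"]
    match = re.fullmatch(r"(\w+)(?: and not (\w+))?", detection["condition"])
    if not match:
        raise ValueError("unsupported condition: " + detection["condition"])
    selection, filt = match.groups()
    if not all(_field_matches(event, k, v) for k, v in detection[selection].items()):
        return False
    if filt and all(_field_matches(event, k, v) for k, v in detection[filt].items()):
        return False
    return True


# Constructed process-creation events: (event, expected verdict, label).
TEST_CASES = [
    ({"Image": r"C:\Windows\System32\rundll32.exe",
      "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\temp\lsass.dmp full"},
     True, "true positive"),
    ({"Image": r"C:\Windows\System32\rundll32.exe",
      "CommandLine": r"RUNDLL32 COMSVCS.DLL, minidump 624 C:\temp\out.dmp full"},
     True, "case variant still fires"),
    ({"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe report.txt"},
     False, "benign process"),
    ({"Image": r"C:\Tools\dumptool.exe", "CommandLine": "dumptool.exe comsvcs MiniDump 624"},
     False, "allowlisted tool suppressed by filter"),
    ({"Image": r"C:\Windows\System32\rundll32.exe"}, False, "CommandLine missing from event"),
]


def run_replay_tests(rule, cases):
    """Return labels of cases whose verdict differs from the expected one."""
    return [label for event, expected, label in cases if evaluate(rule, event) != expected]


def ci_gate(rule, cases):
    """True only when the rule passes both the metadata lint and the replay tests."""
    return not lint_metadata(rule) and not run_replay_tests(rule, cases)


if __name__ == "__main__":
    for name, rule in (("RULE", RULE), ("BAD_RULE", BAD_RULE)):
        print(name, "lint:", lint_metadata(rule) or "ok",
              "| replay failures:", run_replay_tests(rule, TEST_CASES) or "none")
```

In a real pipeline the PR check would `yaml.safe_load` every rule file under the repository, run `ci_gate` on each with the test cases stored beside the rule, and fail the build on the first violation; the replay cases double as the rule's changelog evidence, since a fidelity change that alters a verdict has to update them in the same pull request.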

Nice To Haves

  • Experience operating within a mature DaC program with standardized rule formats, metadata schemas, test harnesses, and CI / CD promotion gates
  • Experience with adversary simulation or detection validation frameworks, such as automated test harnesses, replay testing, or red/blue collaboration workflows
  • Experience with cloud environments, such as AWS, Azure, and GCP, cloud logging architectures, and SIEM or XDR platforms such as Sentinel, Chronicle, or Elastic
  • Experience with scripting and programming in Python or Go for detection utilities or automation
  • Knowledge of data models, such as ECS and CIM, normalization pipelines, and building portable detections across platforms
  • Knowledge of MITRE ATLAS for AI‑relevant threat behaviors and integrating ATT&CK and ATLAS coverage models
  • GCIA, GCTI, GCDA, GMON, or similar certifications

Benefits

  • health
  • life
  • disability
  • financial
  • retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

High school or GED

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc