Detection Engineer

ThreatLockerOrlando, FL
Onsite

About The Position

ThreatLocker is seeking a Detection Engineer to drive the development and continuous improvement of detection content within the ThreatLocker Detect platform. This role is responsible for creating and maintaining detection rules used by our Endpoint Detection and Response (EDR) and Identity Threat Detection and Response (ITDR) products while ensuring alignment with the MITRE ATT&CK® Framework. The Detection Engineer will leverage telemetry generated through malware analysis, vulnerability research, and proactive threat hunting to identify detection gaps and improve product coverage. Working closely with Threat Analysts and Security Researchers, this individual will develop high-quality detection logic that identifies evolving attacker techniques while minimizing false positives.

Requirements

  • 3+ years of experience in Information Security.
  • 2+ years of experience working with Endpoint Detection and Response (EDR) or Identity Threat Detection and Response (ITDR) technologies within an enterprise environment.
  • Strong understanding of the MITRE ATT&CK Framework and its application within enterprise security.
  • Experience creating custom Sigma, YARA, and Snort detection rules.
  • Strong knowledge of Windows operating systems and Windows forensic artifacts.
  • Experience with Windows persistence mechanisms, privilege escalation, defense evasion, and parent-child process relationships.
  • Familiarity with malware analysis, threat hunting, and vulnerability research.
  • Familiarity with adversary emulation and post-exploitation frameworks.
  • Strong analytical, troubleshooting, and critical thinking skills.
  • Excellent written and verbal communication skills with the ability to explain technical concepts to non-technical stakeholders.
  • Ability to work independently while collaborating effectively within a team environment.

Nice To Haves

  • Experience developing detection content is strongly preferred.
  • Relevant certifications such as OSCP, GCFA, GCIH, GCIA, GCDA, GCTD, or GISP are a plus.

Responsibilities

  • Develop, test, and maintain detection content for ThreatLocker's Endpoint Detection and Identity Threat Detection platforms.
  • Create and maintain custom Sigma, YARA, and Snort detection rules.
  • Map detections to the MITRE ATT&CK Framework and continuously improve coverage.
  • Analyze Windows telemetry and forensic artifacts to identify detection opportunities.
  • Research attacker techniques including persistence, privilege escalation, defense evasion, and post-exploitation activity.
  • Collaborate with Threat Analysts and Security Researchers to identify and remediate detection gaps.
  • Validate detection logic through threat hunting, malware analysis, and adversary emulation.
  • Tune detection content to improve accuracy while reducing false positives.
  • Document detection methodologies and technical findings for internal teams.
  • Stay current on emerging threats, attack techniques, and industry best practices.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service