Detection Engineering Manager

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (completed and verified prior to start) from an accredited university.
• 7+ years of experience in cybersecurity, with at least 3 years in a technical lead or leadership capacity focused on detection engineering, threat detection, or SOC engineering.
• Demonstrated ability to lead teams while remaining hands-on in technical delivery (player/coach model).

Nice To Haves

• Master’s degree preferred.
• Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Google Sec Ops) and EDR solutions (e.g., CrowdStrike, Defender for Endpoint).
• Proficiency in detection/query languages and formats (e.g., KQL, SPL, Sigma) and scripting/automation to accelerate detection engineering workflows.
• Proven experience building mature detection lifecycle practices (testing, tuning, monitoring, regression checks, controlled releases).
• Strong knowledge of adversary tactics, techniques, and procedures; ability to map detections to ATT&CK and demonstrate measurable coverage improvements.
• Experience operationalizing threat intelligence into detection priorities and outcomes for advanced threats.
• Excellent analytical and problem-solving skills; comfortable balancing precision, scale, and operational usability.
• Ability to present technical concepts to non-technical audiences and influence cross-functional partners.
• Demonstrated ability to lead, coach, and advise team members across cultural and generational boundaries.
• Passion for automation, continuous improvement, and building durable engineering systems that scale.

Responsibilities

• Manage and mentor a team of detection engineers, building a culture of engineering rigor, innovation, and accountability.
• Operate as a hands-on manager: personally own and deliver key detections and technical initiatives while leading team outcomes.
• Define and execute detection engineering strategy aligned with business risk, operational priorities, and organizational goals.
• Own the detection engineering operating rhythm: intake, backlog prioritization, delivery planning, peer review, and continuous improvement.
• Establish quality standards (testing, documentation, validation evidence, monitoring) and ensure detections are production-ready before release.
• Lead initiatives to automate detection engineering workflows (content-as-code, validation pipelines, regression checks) to improve speed and consistency.
• Oversee the lifecycle of detection engineering work, including prioritization, resource allocation, delivery tracking, and performance management.
• Design, develop, and optimize detection logic, signatures, and analytics across SIEM, EDR, and cloud-native platforms.
• Personally own a portfolio of high-impact detections (complex use cases, top risks, hardest-to-detect behaviors) and mentor the team on broader coverage.
• Translate adversary behaviors into actionable detections using frameworks like MITRE ATT&CK and kill-chain models; measure and expand coverage over time.
• Conduct detection gap analysis and threat modeling to prioritize improvements based on exposure, telemetry readiness, and business impact.
• Build and maintain strong validation practices: testing, replay/verification, tuning, regression checks, and performance monitoring.
• Integrate threat intelligence into detection priorities and workflows to keep detections aligned to the evolving threat landscape.
• Ensure detections are operationally useful: strong context and enrichment, clear severity guidance, and defined next steps for responders.
• Stay current with emerging threats, tools, and techniques; rapidly adapt detections to changing adversary tradecraft.
• Partner with SOC, Incident Response, and Threat Intelligence to align detections to investigation workflows, escalation criteria, and containment actions.
• Collaborate with IT, OT/manufacturing stakeholders, and service providers to ensure visibility, logging coverage, and end-to-end detection effectiveness.
• Communicate detection strategy, risk coverage, and outcomes clearly to both technical and non-technical stakeholders, including executive leadership.
• Ensure detection engineering practices support compliance with internal policies and applicable external regulatory requirements.
• Maintain audit-ready documentation and evidence (rationale, test results, change history, ownership, and monitoring insights).

Benefits

• 3M offers many programs to help you live your best life – both physically and financially.
• To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.
• Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits