Sr Detection Engineer

Pluralsight
Hybrid

About The Position

Pluralsight is the technology workforce development company that helps teams build better products by knowing more and working better together. We are seeking an experienced Senior Detection Engineer to join our Security Engineering & Operations team. While the Operations team responds to fires, you will be the architect of the smoke detectors. You will work closely with the Senior Manager of Security Operations to engineer the SIEM, manage the lifecycle of detection rules, and ensure our 24/7 SOC has high-fidelity alerts. Your primary focus will be Detection-as-Code: treating security alerts as engineering problems that require tuning, testing, and version control.

Requirements

  • 3+ years of proven experience in SIEM Content Development or Detection Engineering.
  • Bachelor of Science in CIS/MIS/CS/CE, Engineering, or related field (or equivalent experience).
  • Possess DoD 8570/8140 recognized certifications for CSSP Analyst or Infrastructure Support, such as GCIA, GMON, GCDA, CEH, or CySA+.
  • Proficiency in SIEM-specific content development (e.g., writing advanced queries in SIEM, creating dashboards, and building correlation searches).
  • Strong scripting skills (Python, Bash, or PowerShell) for API integration and data manipulation.
  • Deep understanding of information security principles, cryptographic methods, and network protocols (TCP/IP, DNS, HTTP/S).

Nice To Haves

  • Familiarity with Cloud Security detection strategies (AWS/Azure/GCP) and Endpoint telemetry (EDR process trees).
  • Experience working with common adversarial tactics, techniques, and procedures (MITRE ATT&CK TTPs) and mapping them to detection rules.

Responsibilities

  • Design, develop, and tune high-fidelity detection rules (SIEM content) based on the MITRE ATT&CK framework to identify malicious activity across our ecosystem (Endpoints, Cloud, Network).
  • Serve as the primary escalation point for the MDR and SOC, performing deep-dive analysis on complex incidents and handling investigations that require engineering-level insight (~20% of time).
  • Partner with infrastructure teams to validate log ingestion health, parse custom log sources, and enforce data retention lifecycles to satisfy compliance requirements.
  • Lead the engineering effort to ingest data from new tools (Cloud APIs, SaaS apps, custom internal apps) into the SIEM, ensuring data quality and CIM compliance.
  • Collaborate with Managed Detection and Response (MDR) providers, translating raw data into actionable alerts and providing feedback on their triage quality.
  • Proactively test detection rules against known attack vectors to verify they trigger as expected before a real attack occurs.

Benefits

  • Competitive compensation packages
  • Medical coverage
  • Unlimited PTO
  • Wellness reimbursements
  • Pluralsight subscription
  • Professional development funds