Senior Detection Engineer

Centene Corporation, Stafford, TX
32d · $87,000 - $161,300 · Remote

About The Position

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.

Position Purpose: Centene’s Detection Engineering team drives threat‑informed defense by designing, implementing, and continuously improving high‑fidelity detections across endpoint, identity, network, cloud, and SaaS telemetry. As a Senior Detection Engineer, you will lead complex detection initiatives, architect coverage strategies, and mentor engineers while partnering closely with SOC/CSMT, CSIRT, Threat Intelligence, and platform owners. Your work will measurably reduce risk and alert fatigue through high‑quality analytics, detection‑as‑code practices, and compelling operational outcomes.

Design & Delivery:
  • Own end‑to‑end development of multi‑signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL)
  • Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle‑tested analytics; convert vetted Sigma rules to SPL/KQL where applicable

Detection‑as‑Code & Quality:
  • Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise
  • Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations

Coverage Strategy & Telemetry:
  • Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps
  • Partner with platform teams to improve data prerequisites (tables, fields, latency) and ensure telemetry health and resilience

Operations & Collaboration:
  • Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple‑team validations
  • Build tabletop exercises/training for analysts; advise on automation opportunities across SOC/IR workflows

Leadership & Mentorship:
  • Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs
  • Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer

Success Indicators:
  • Signal quality: detection precision/recall, FP rate, MTTD improvements
  • Coverage depth: ATT&CK technique coverage and telemetry readiness across key domains
  • Operational impact: validated detections adopted by SOC/IR, reduction in alert fatigue, hunts‑to‑detections conversion rate
  • Content velocity & hygiene: time‑to‑deliver new analytics, documentation completeness, CI pipeline health
  • Mentorship & enablement: growth of DE I/II competencies, quality of peer reviews, training outcomes

Performs other duties as assigned. Complies with all policies and standards.

Requirements

  • A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and 4 – 6 years of related experience, or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.
  • 3+ years in information security with hands‑on detection engineering (or SOC/IR roles with demonstrated analytics creation)
  • Proficiency in SPL, KQL, and one of IQL/Databricks SQL for multi‑event correlation, enrichment, and replay
  • Demonstrated experience turning IOCs/TTPs into durable analytics; strong ATT&CK fluency and coverage planning
  • Practical detection‑as‑code habits: versioning, change control, backtesting, suppression strategy, CI/CD familiarity
  • Ability to partner with SOC/CSIRT/Threat Intel; communicate trade‑offs clearly and drive measurable outcomes
  • Intermediate - Seeks to acquire knowledge in area of specialty
  • Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
  • Intermediate - Ability to work independently
  • Intermediate - Demonstrated analytical skills
  • Intermediate - Demonstrated project management skills
  • Intermediate - Demonstrates a high level of accuracy, even under pressure
  • Intermediate - Demonstrates excellent judgment and decision making skills

Nice To Haves

  • Experience integrating detections with Wiz and Varonis contexts (identity/data exposure)
  • Prior work in purple teaming and/or running detection validation exercises
  • Familiarity with cloud telemetry (Azure, Entra ID, MDE) and network/HTTP/DNS/SSL flow analysis via NDR
  • Contributions to internal content libraries, runbooks, and detection KPIs (precision/recall/coverage)
  • EC-Council Certified Threat Intelligence Analyst (CTIA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or GIAC Cyber Threat Intelligence (GCTI) preferred

Responsibilities

  • Own end‑to‑end development of multi‑signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL)
  • Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle‑tested analytics; convert vetted Sigma rules to SPL/KQL where applicable
  • Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise
  • Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations
  • Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps
  • Partner with platform teams to improve data prerequisites (tables, fields, latency) and ensure telemetry health and resilience
  • Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple‑team validations
  • Build tabletop exercises/training for analysts; advise on automation opportunities across SOC/IR workflows
  • Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs
  • Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer
  • Performs other duties as assigned
  • Complies with all policies and standards

Benefits

  • competitive pay
  • health insurance
  • 401K and stock purchase plans
  • tuition reimbursement
  • paid time off plus holidays
  • a flexible approach to work with remote, hybrid, field or office work schedules
© 2024 Teal Labs, Inc