Senior Detection Engineer

Cloudera, New York, NY
Remote

About The Position

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world’s largest enterprises. As a Senior Detection Engineer at Cloudera, you will fortify our security posture by continuously developing, tuning, and refining our alerting and detection capabilities to stay ahead of evolving threats. This role requires deep technical expertise in cybersecurity and data pipelines, alongside strong problem-solving and communication skills to thrive in both independent and collaborative environments. Within our Incident Response Team, you will bridge threat intelligence, incident response, and the broader engineering ecosystem. By ensuring our visibility and alerting scale alongside the business, your work will empower our 24/7 operations. Success requires building strong cross-functional relationships, maintaining high performance, and exceptional attention to detail.

Requirements

  • Relevant Educational Degree or Equivalent Cybersecurity Work Experience (3-5 Years), with three or more years of technical experience in Detection Engineering, Security Analytics, Threat Hunting, or Incident Response.
  • A robust analytical mindset and self-starter attitude with a genuine interest in forward-thinking Cybersecurity.
  • Deep proficiency with SIEM platforms, including hands-on experience with data ingestion, custom parsing, and advanced query development.
  • Strong understanding of cyber threats, attack techniques, and incident response methodologies.
  • Experience leveraging Machine Learning, Deep Learning, or User and Entity Behavior Analytics (UEBA) to build anomaly-based detections that go beyond traditional static rules.
  • Scripting and programming proficiency (e.g., Python, Go, Bash) for automating log retrieval, API integrations, and data parsing tasks.
  • Proficiency in understanding telemetry and security logging across Cloud Environments (AWS, Azure, GCP), endpoints (macOS, Windows, Linux), and network appliances.
  • Excellent cross-functional communication and relationship-building skills, with the ability to influence and collaborate seamlessly with non-security teams.

Nice To Haves

  • Supporting certifications such as GIAC (e.g., GCDA - Certified Detection Analyst), AWS Certified Security - Specialty, or SIEM-specific vendor certifications.
  • Experience utilizing AI assistants (e.g., Copilot, LLMs) to streamline scripting, query generation, and data analysis, as well as familiarity with the OWASP Top 10 for LLMs and "Shadow AI" usage.
  • Experience in Automation and Orchestration, specifically integrating detections with SOAR platforms (e.g., Tines, Splunk Phantom, Torq).
  • Knowledge of Threat Intelligence Methodologies to operationalize IOCs and TTPs, and deep experience securing and gaining visibility into Kubernetes environments.

Responsibilities

  • Take primary responsibility for developing new alerts and continuously tuning and refining our current alerting and detection capabilities to reduce false positives and minimize alert fatigue.
  • Communicate proactively with the Incident Response team to determine needed alerting methods and understand the gaps identified during past investigations.
  • Work throughout the organization with teams such as Engineering, Sales, SRE, and Product Security to determine critical logging sources and security-related datasets that should be analyzed.
  • Collaborate with these various teams to identify how to properly detect threats within their specific environments and build actionable runbooks tailored to those domains.
  • Assist in the ingestion of new data sources from end products into our SIEM platform, actively working on the parsing of those sources to enable better searching, correlations, and high-fidelity detections.
  • Create detections in a forward-looking manner to address new threats based upon the current cybersecurity environment, threat intelligence, and ongoing adversary campaigns.
  • Map and track detection coverage against industry-standard frameworks, such as MITRE ATT&CK, to identify and remediate visibility gaps across the enterprise.

Benefits

  • Generous PTO Policy
  • Support work-life balance with Unplugged Days
  • Flexible WFH Policy
  • Mental & Physical Wellness programs
  • Phone and Internet Reimbursement program
  • Access to Continued Career Development
  • Comprehensive Benefits and Competitive Packages
  • Paid Volunteer Time
  • Employee Resource Groups
© 2024 Teal Labs, Inc