Senior Detection Engineer #3279

Genius Road
Austin or San Antonio, TX
Hybrid

About The Position

Behind every clean dashboard and every quiet shift is an engineer who built the system that made it possible. This role is for that engineer, the one who can take a sea of raw network and log data and turn it into detection logic that catches the right things at the right time. The work spans tuning SIEM platforms, sharpening IDS/IPS signatures, dissecting packet captures, and translating threat intelligence into rules that hold up under real attack conditions. It is technical, it is detailed, and the payoff is a monitoring environment that genuinely works the way it is supposed to. If you find real satisfaction in fine-tuning detection until the noise disappears and the signal stays sharp, this is where that skill belongs!

Requirements

  • 5+ years of experience in SOC operations, detection engineering, and security monitoring
  • Hands-on with IDS/IPS platforms like Cisco Firepower and TippingPoint, including signature tuning and false-positive reduction
  • Strong packet capture and traffic analysis skills using tools like Corelight, NetWitness, and CRIBL to spot anomalies and lateral movement
  • Experience tuning EDR platforms such as CrowdStrike and SentinelOne and feeding that telemetry into SIEM and orchestration workflows
  • Practical experience turning threat intelligence into usable detection logic
  • Strong understanding of MITRE ATT&CK and the ability to build detections aligned with known adversary techniques
  • Ability to build detection content that maps cleanly to known adversary TTPs

Nice To Haves

  • Security Certifications such as CISSP, CEH, GSEC, or Security+ preferred
  • Experience with intelligence platforms like Recorded Future, GreyNoise, or Mandiant a plus
  • Familiarity with SOAR tools, particularly Cyware, for automated SOC workflows a plus

Responsibilities

  • Build, tune, and maintain SIEM platforms including correlation rules, dashboards, and detection content
  • Configure and refine IDS/IPS technologies, developing signatures and reducing false positives
  • Analyze packet captures to validate alerts and confirm malicious activity
  • Monitor network traffic for anomalies, lateral movement, and command-and-control activity
  • Turn threat intelligence into detection logic, correlation rules, and enrichment workflows
  • Continuously tune detection content to improve accuracy across the monitoring environment
  • Build orchestration playbooks connecting SIEM, EDR, threat intelligence, and ticketing systems
  • Support log onboarding, data normalization, and broader SOC detection engineering
  • Maintain sensors, collectors, and log pipelines that the monitoring environment depends on
  • Partner with incident responders, providing network-level evidence and context
  • Document engineering work, tuning decisions, and platform health assessments
© 2026 Teal Labs, Inc