Senior Security Engineer, Detection Engineering

Everpure•Lehi, UT

6h•Onsite

About The Position

This role is for a Senior Security Engineer focused on Detection Engineering, within a company that is reshaping the data storage industry. The engineer will partner with the security operations lead and broader security team to develop and mature security use cases across the company’s environment and operations. The primary mission is to build and refine detections, policies, and response logic to identify real attacks, misuse, intrusions, and data loss events with speed and confidence. This is an active role requiring an understanding of business operations, attacker methodologies, signal identification, and the translation of this knowledge into durable security content and response workflows. Success is measured by signal quality, attack reduction, faster containment, and continuous operational improvement, rather than alert volume.

Requirements

6+ years of experience in cybersecurity, or a related technical field
3+ years of hands-on experience in incident response, detection engineering, security operations, or SIEM engineering
Strong hands-on experience with a SIEM platform; direct experience with Splunk is strongly preferred
Solid understanding of the incident response lifecycle, including triage, scoping, containment, eradication, recovery, and post-incident learning
Strong understanding of foundational networking, systems, cloud, and security principles
Ability to write scripts and automate tasks using Python or a similar language
Ability to work with APIs, integrate data sources, and automate enrichment or response actions
Strong analytical thinking and the ability to translate ambiguous threats or operational gaps into concrete detection logic
Excellent written and verbal communication skills, with the ability to collaborate effectively across technical and non-technical teams
Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical field

Responsibilities

Design, implement, and maintain high-fidelity detections, correlation rules, alerts, dashboards, and use cases in Splunk and related security platforms.
Build detections across multiple data domains, including identity, endpoint, network, cloud infrastructure, SaaS applications, DLP, vulnerability, and asset posture.
Correlate signals from diverse tooling and data sources to identify attacker behavior, misuse, anomalous activity, and material security risk.
Partner with business units, IT, engineering, and internal security stakeholders to map business processes and workloads to security use cases and required telemetry.
Support and participate in incident triage, investigation, containment, and post-incident improvement activities.
Develop enrichment and automation workflows using Python, APIs, and security tooling to improve analyst efficiency and response consistency.
Improve detection quality by tuning noisy alerts, reducing false positives, and increasing true positive rates.
Collaborate on logging strategy, event onboarding, normalization, parsing, correlation, retention, reporting, and platform customization.
Apply threat intelligence, attacker tradecraft, and frameworks such as MITRE ATT&CK, CVE/CVSS, and risk context to drive meaningful detections.
Create playbooks, runbooks, detection documentation, and operational guidance for responders and analysts.
Use lessons learned from incidents, hunts, and threat research to continuously improve content, coverage, and response workflows.
Help mature a security operations model that brings together detection, alerting, investigation, and response rather than treating them as isolated functions.