Senior Threat Detection Engineer

Valiant Solutions, LLC · Bethesda, MD
Posted 20d ago · $155,000 - $180,000 · Remote

About The Position

Valiant Solutions is seeking a Senior Threat Detection Engineer to join our rapidly growing and innovative cybersecurity team! The Senior Threat Detection Engineer strengthens the client’s cybersecurity posture by developing, deploying, and continuously improving automated threat detection capabilities. This role ensures that all detection engineering activities align with federal cybersecurity standards, mandatory directives, and industry best practices. The engineer integrates diverse telemetry sources, performs ongoing detection gap analyses, and applies threat intelligence to maintain coverage against evolving adversary tactics. The position supports more effective incident response through accurate, timely, and comprehensive detection logic across SIEM, EDR, and cloud environments.

Named one of the Best Places to Work in the Washington DC area for 11 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

This position is based in the Washington DC Metro area and is primarily remote, with occasional onsite reporting in Bethesda, MD. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below.

Requirements

  • 10 years of cybersecurity experience.
  • Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering, or a related field; or an additional two years of relevant experience in lieu of a degree.
  • Deep knowledge of automated detection engineering concepts, SIEM correlation, EDR alerting, and cloud-native detection.
  • Experience applying the NIST Cybersecurity Framework, NIST SP 800-61, NIST SP 800-53, and CISA guidance.
  • Strong understanding of adversary tactics, techniques, and procedures as defined in the MITRE ATT&CK framework.
  • Experience integrating multiple telemetry sources and performing detection gap analyses.
  • Proficiency with behavioral analytics, anomaly detection techniques, UBA models, and machine learning–supported detection.
  • Ability to collaborate with incident response, threat hunting, and red team functions to improve detection coverage.
  • Strong analytical and communication skills to support cross-team detection refinement and operational improvements.

Responsibilities

  • Design, build, and maintain SOAR playbooks to automate Tier 1/2 incident response workflows and improve speed and accuracy.
  • Develop and update phishing automation, including YARA rules integrated into email security, SIEM, and SOAR pipelines.
  • Provide engineering support for security tools, including documentation, architectural diagrams, FISMA artifacts, and secure configuration management.
  • Create and maintain SOPs and knowledge base content for incident response capabilities and tooling.
  • Coordinate with stakeholders and vendors as the Cyber SME to support integration of emerging technologies (Zero Trust, TIC 3.0, EDR, IDS/IPS, SASE, forensics, etc.) into existing security operations.
  • Track and report IR automation metrics, response time reductions, and workflow efficiencies.
  • Conduct and support annual maturity assessments focusing on automation and develop the Incident Response Engineering maturity roadmap with planned improvements.
  • Provide SME support to design, deploy, and maintain automated detection rules across SIEM, EDR, and cloud platforms aligned with threat intelligence and adversary TTPs.
  • Continuously update detection logic based on inputs from threat intelligence, threat hunting, and red team activities.
  • Monitor and optimize SIEM search performance to ensure detections run consistently without skips or missed executions.
  • Enrich detections with contextual data (assets, identity, threat intel, geolocation) to improve analyst decision-making.
  • Apply behavioral analytics and anomaly-detection techniques, including UBA models, to identify non-signature-based and persistent threats.
  • Conduct quarterly model performance reviews and adjust thresholds, features, or training data to improve detection accuracy.
  • Perform quarterly tuning of anomaly-based detections based on feedback from analysts, threat hunting teams, and red team assessments.
  • Identify and remediate visibility gaps that limit the effectiveness of detection capabilities.
  • Define and track metrics that evaluate detection effectiveness, false positive and false negative rates, and alignment with evolving threat landscapes.

Benefits

  • Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
  • Valiant contributes 25% towards Health Coverage for Family and Dependents
  • 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
  • 100% Paid Certifications
  • 401K Matching up to 4%
  • Paid Time Off
  • Paid Federal Holidays
  • Paid Time On – 40 hours to pursue innovation
  • Wellness & Fitness Program
  • Valiant University – Online Education and Training Portal
  • Reimbursement for Public Transit and Parking
  • FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
  • Referral Bonuses
© 2024 Teal Labs, Inc