Sr. Detection Engineer

About The Position

Requirements

• 8+ years of progressive experience in cybersecurity, with at least 2+ years in a dedicated threat detection engineering role
• The individual must be a U.S. Citizen, U.S. National or U.S. Person. Individuals outside of these categories are generally barred from having logical access to IL5 data or infrastructure
• Experience with the design, implementation, and support of security data pipelines and SIEM platforms. Experience configuring SIEM platforms such as Microsoft Sentinel via Infrastructure-as-Code (e.g. Terraform) is a significant advantage
• Experience in developing threat detections at scale in cloud-inclusive environments (e.g., AWS, Azure, GCP)
• Experience with data pipeline technologies and architectures, including data extraction, transformation, loading, processing, and storage for security data, with hands-on experience managing and optimizing these systems
• Experience with the cyber threat landscape, attacker tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATT&CK
• Experience with detection rule languages (e.g., SPL, KQL) and advanced query development, with an understanding of the underlying data structures and query optimization
• Experience writing detections based on diverse security signals and telemetry (e.g., network traffic, endpoint logs, cloud logs), with an engineering approach to signal processing and analysis
• Experience with security tools and technologies such as SIEM/SOAR platforms (e.g., Splunk, Sentinel), EDR, IDS/IPS, network traffic analysis tools (e.g., Zeek, Suricata, Yara), and cloud security solutions, with an understanding of their architecture and integration
• Experience with scripting/programming (e.g., Python, Go, Bash, PowerShell) for security tooling, automation, and API integrations, with a focus on writing clean, maintainable, and efficient code
• Experience analyzing and interpreting large datasets and logs to identify security risks and events, applying data engineering and analysis techniques
• Experience with CI/CD pipelines and Detection-as-Code practices, including version control, testing, and automated deployment of detections
• Experience with AI and Machine Learning applications in threat detection and security, including the ability to evaluate, implement, and manage AI-based detection solutions and secure AI/ML systems

Nice To Haves

• Bachelor's degree or equivalent experience in Computer Science, Cybersecurity, or a related field; advanced degree or security certifications (e.g., GIAC, CISSP)
• Strong analytical and problem-solving skills, with meticulous attention to detail and an engineering approach to root cause analysis
• Experience with anomaly detection, machine learning, and statistical analysis of user behavior patterns for security purposes
• Background in security-focused software engineering or offensive security
• History of speaking at security conferences or publishing research
• Proven ability to collaborate effectively across cross-functional teams
• Passion for continuous learning, operational excellence, and a proactive, adversarial mindset, with a commitment to improving engineering processes and outcomes

Responsibilities

• Participate in the design, ownership, and support of the security data pipeline and SIEM platform which involves working with data collection, ingestion, processing, and storage of security telemetry
• Contribute to optimizing the platform for performance, scalability, and reliability to support all threat detection needs
• Design, develop, and implement high-fidelity threat detections based on threat intelligence, attacker TTPs, and analysis of security telemetry
• Focus on creating detections that are effective, accurate, and minimize false positives
• Embrace and implement Detection-as-Code principles throughout the detection lifecycle including using version control, automated testing, and continuous integration/continuous deployment (CI/CD) pipelines for detections to ensure consistency, reliability, and scalability
• Collaborate with the Incident Response team to translate threat intelligence into actionable detections with automated response workflows
• Participate in post-incident reviews to drive continuous improvement in detection capabilities
• Contribute to the adoption and integration of new detection technologies, frameworks, and processes
• Help architect and maintain scalable, automated security discovery and containment systems leveraging modern data platforms, EDR, network traffic analysis tools, and cloud-native security solutions
• Partner effectively with engineering, product, and other security teams to ensure comprehensive coverage, address blind spots, and instill security monitoring best practices throughout the software development lifecycle
• Contribute to establishing and authoring repeatable and scalable processes around detection and automation engineering
• Define and track key performance indicators to measure the effectiveness of detection capabilities
• Communicate technical security concepts, findings, and recommendations clearly and concisely to both technical and non-technical stakeholders

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Stock: This role is eligible to receive Restricted Stock Units (RSUs).
• Global Benefits provide options for the following:
• Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events