AlphaSense

Staff Detection and Response Engineer

AlphaSense

full-time

Posted on:

Location Type: Remote

Location: India

Visit company website

Explore more

AI Apply
Apply

Job Level

Lead

Tech Stack

AWSCloudGoogle Cloud PlatformITSMLinuxMacOSPythonSplunk

About the role

  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)
  • Lead detection strategy and architecture aligned with the Detection Quality frameworks
  • Write high-fidelity detection rules using languages like SIGMA and YARA-L
  • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
  • Conduct detection gap analysis to identify coverage opportunities across the kill chain
  • Create and maintain detection playbooks, runbooks, and comprehensive documentation
  • Perform detection quality assessments and continuous improvement initiatives
  • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
  • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
  • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
  • Develop automated containment actions (account disable, host isolation, firewall rule updates)
  • Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency
  • Handle Incident Response processes and procedures as needed
  • Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning
  • Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms
  • Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity
  • Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor
  • Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns

Requirements

  • 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL).
  • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework.
  • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development.
  • Proven experience designing and implementing SOAR platform architecture from concept to production.
  • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration.
  • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs.
  • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor.
  • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS.
  • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices.
  • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences.
Benefits
  • High-Impact Leadership Role: Own critical security capabilities (detection, automation, hunting) with direct organizational impact
  • Greenfield Opportunities: Architect and build SOAR platform from the ground up and lead major SIEM migration efforts
  • Technical Depth: Solve complex problems at scale with Modern security stack
  • Scale & Complexity: Protect a critical platform serving enterprise customers with sophisticated threats
  • Autonomy & Influence: Shape security architecture decisions, tool evaluations, and team direction
  • Growing Team: Join a growing team with clear structure, specialized roles, and growth trajectory
  • Balance & Variety: Split time between strategic architecture (detection, SOAR) and hands-on execution (hunting, investigation)
  • Innovation Culture: Implement detection-as-code, automation-as-code, and data-driven security practices
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
detection rulescorrelation logicthreat modelingadversary emulationautomated response playbooksdata analysisanomaly detectionscriptingautomation developmenthigh-fidelity rules
Soft Skills
leadershipcommunicationmentoringcollaborationstrategic planningproblem-solvinginitiativemethodology developmentcampaign executiontechnical initiative leadership