Centene Corporation

Senior Detection Engineer

full-time

Location Type: Remote

Location: Arizona, Montana, United States

Salary

💰 $87,000 - $161,300 per year

About the role

  • Own end‑to‑end development of multi‑signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL)
  • Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle‑tested analytics; convert vetted Sigma rules to SPL/KQL where applicable
  • Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise
  • Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations
  • Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps
  • Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple‑team validations
  • Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs
  • Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer

Requirements

  • A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science)
  • Requires 4 – 6 years of related experience
  • 3+ years in information security with hands‑on detection engineering (or SOC/IR roles with demonstrated analytics creation)
  • Proficiency in SPL, KQL, and one of IQL/Databricks SQL for multi‑event correlation, enrichment, and replay
  • Demonstrated experience turning IOCs/TTPs into durable analytics; strong ATT&CK fluency and coverage planning
  • Practical detection‑as‑code habits: versioning, change control, backtesting, suppression strategy, CI/CD familiarity
  • Ability to partner with SOC/CSIRT/Threat Intel; communicate trade‑offs clearly and drive measurable outcomes

Benefits

  • competitive pay
  • health insurance
  • 401K and stock purchase plans
  • tuition reimbursement
  • paid time off plus holidays
  • flexible approach to work with remote, hybrid, field or office work schedules

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

  • SPL
  • KQL
  • IQL
  • Databricks SQL
  • multi-event correlation
  • analytics creation
  • version control
  • CI/CD
  • detection engineering
  • backtesting

Soft skills

  • technical mentorship
  • communication
  • collaboration
  • leadership
  • problem-solving
  • influence
  • articulation
  • peer review
  • planning
  • drive measurable outcomes