Define the vision, strategy, and roadmap for the security detection program, ensuring alignment with the company’s risk posture and business objectives
Oversee the development, testing, deployment, and continuous maintenance of all detection logic (rules, models, baselines) across SIEM, EDR, and other security platforms
Lead, mentor, and grow a high-performing team of security operators, engineers, and threat hunters
Translate emerging threat data and intelligence into actionable, automated, and preventative detection controls.
Drive the architecture and continuous tuning of the security monitoring and detection platforms (e.g., SIEM, data pipelines) for coverage, performance, and cost-effectiveness
Establish and formalize a proactive threat hunting capability to identify threats that evade existing security controls
Ensure detection and monitoring operations are compliant with global standards and regulations, such as SOC 2, ISO 27001, GDPR, and FedRAMP
Partner with internal engineering teams to integrate detection controls directly into cloud infrastructure and corporate environments.
Serve as a key point of contact to provide executive leadership with a clear view of the company's detection coverage and maturity.
You may be required to occasionally perform duties outside your standard working hours

Requirements

10+ years of experience in cybersecurity, with a dedicated focus on building and scaling advanced security detection and threat hunting programs.
Proven experience in a leadership role, building and managing Detections Engineering or Threat Hunting teams.
Deep expertise in detection engineering principles, adversary tactics (e.g., MITRE ATT&CK), and advanced log source analysis.
Expert-level knowledge of SIEM architecture (e.g., Splunk, Elastic, Sentinel), EDR technologies, and cloud-native detection tools (AWS GuardDuty, GCP Security Command Center, Azure Security Center).
Proficiency in scripting or coding (e.g., Python, KQL, SPL) for detection rule development and automation.
Strong understanding of cloud security architecture (AWS, GCP, Azure) and developing detections for cloud-native threats.
Excellent communication and presentation skills, with the ability to convey complex detection strategies to technical and executive audiences.
Relevant industry certifications (e.g., GIAC GDSA, GCFA, CISSP) are a plus.

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

cybersecuritydetection engineeringthreat huntinglog source analysisscriptingPythonKQLSPLcloud security architecturedetection rule development

leadershipmentoringcommunicationpresentationstrategic thinkingteam managementproblem-solvingcollaborationadaptabilityexecutive communication

GIAC GDSAGCFACISSP