Lead the design, development, and continuous improvement of detection engineering use cases across SIEM, EDR, and cloud security platforms.
Develop, tune, and validate detection logic aligned to adversary tactics, techniques, and procedures (TTPs), leveraging frameworks such as MITRE ATT&CK.
Integrate and operationalize cyber threat intelligence to enhance detection coverage, threat hunting, and incident response prioritization.
Serve as a technical lead during high-severity security incidents, performing advanced investigation, containment, and remediation activities.
Conduct proactive threat hunting to identify malicious activity that bypasses automated detections.
Partner with security engineering and architecture teams to influence and improve defensive security architecture across endpoint, identity, network, and cloud environments.
Support and participate in penetration testing and purple team exercises, translating offensive findings into actionable defensive improvements and detections.
Develop and maintain incident response playbooks, detection documentation, and investigative runbooks.
Provide expert guidance and mentorship to SOC analysts, elevating overall team capability.
Collaborate with IT, cloud, infrastructure, and application teams to remediate vulnerabilities and reduce systemic risk.
Contribute to SOC maturity initiatives including automation, tooling optimization, and operational process improvements.

Requirements

7+ years of demonstrated experience in cybersecurity operations, including SOC, detection engineering, or incident response roles.
Proven expertise with SIEM platforms such as Splunk, QRadar, Microsoft Sentinel, or similar technologies.
Extensive experience with EDR/XDR platforms such as Microsoft Defender, CrowdStrike, Carbon Black, Sophos, or equivalent.
Strong background in incident response, including forensic analysis, malware investigation, and root-cause determination.
Hands-on experience applying penetration testing techniques or supporting red/purple team exercises.
Advanced understanding of attacker tradecraft, adversary behavior, and kill chain methodologies.
Experience influencing or designing defensive security architecture across enterprise environments.
Strong scripting or query skills (e.g., KQL, SPL, Python, PowerShell).
Excellent analytical, communication, and technical documentation skills.

Benefits

Medical, dental, and vision insurance
401(k) with company match
Paid time off (PTO)
And additional employee wellness programs

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

detection engineeringincident responseforensic analysismalware investigationpenetration testingscriptingquery skillsadversary tacticsMITRE ATT&CKthreat hunting

Soft Skills

analytical skillscommunication skillstechnical documentation skillsmentorshipcollaboration