Senior Detection Engineer – SIEM, Security Observability
Keeper Security, Inc.
full-time
Posted on:
Location Type: Hybrid
Location: California • Illinois • United States
Visit company websiteExplore more
Job Level
About the role
- Design, build, and maintain detection and telemetry capabilities across Datadog, SentinelOne, and Wiz
- Develop, test, and tune high-fidelity detection rules aligned to real-world attack scenarios and adversary behaviors
- Continuously improve alert quality by reducing false positives, eliminating noise, and increasing detection accuracy
- Implement and mature detection-as-code practices for scalable, version-controlled, and testable rule management
- Define and enforce logging, telemetry, and instrumentation standards across cloud infrastructure, applications, endpoints, and identity systems
- Build and optimize log ingestion, parsing, normalization, enrichment, and retention pipelines
- Automate onboarding of new data sources and improve telemetry coverage across production and corporate environments
- Correlate signals across SIEM, EDR, cloud, identity, and security tooling to improve detection depth and investigation quality
- Partner with Security Operations to improve triage workflows, incident response readiness, and escalation quality
- Build dashboards, analytics, and reporting that support operational decision-making across Security, SRE, and Engineering
- Map and maintain detection coverage against MITRE ATT&CK and help identify visibility gaps
- Perform detection gap assessments and evolve use cases based on threat intelligence, threat hunting, and emerging risks
- Collaborate with cloud, infrastructure, product, and compliance teams to strengthen secure logging and observability patterns throughout the software development lifecycle
Requirements
- 5–8+ years of experience in detection engineering, SIEM engineering, security engineering, or security observability
- Hands-on experience with SIEM, security analytics, or observability platforms, such as Datadog, SentinelOne, Splunk, Microsoft Sentinel, Elastic, or similar tools
- Experience building, tuning, and maintaining detection rules, correlation logic, and alerting workflows
- Strong understanding of security telemetry across cloud, endpoint, identity, and application environments
- Experience with log parsing, normalization, enrichment, and pipeline management
- Strong knowledge of cloud environments, with AWS preferred
- Proficiency in scripting or automation using Python, PowerShell, or similar
- Solid understanding of modern detection strategies, attacker behaviors, and the MITRE ATT&CK framework
- Ability to work cross-functionally with Security Operations, Engineering, Infrastructure, and SRE teams
Benefits
- Medical, Dental & Vision (inclusive of domestic partnerships)
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
- Voluntary Short/Long Term Disability Insurance
- 401K (Roth/Traditional)
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
- Above market annual bonuses
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
detection engineeringSIEM engineeringsecurity engineeringsecurity observabilitydetection rulescorrelation logicalerting workflowslog parsingautomationscripting
Soft Skills
collaborationcross-functional teamworkincident response readinesstriage workflowsoperational decision-making