Design, develop, and maintain detection rules, alerts, and analytics to identify cybersecurity threats across endpoints, network, identity, cloud, and application platforms.
Collaborate with threat intelligence, threat hunting, and security operations teams to understand emerging threats and translate TTPs into actionable detections.
Continuously monitor the threat landscape and proactively recommend improvements to detection coverage and methodology.
Validate, test, and tune detection content to reduce false positives and improve accuracy, performance, and signal-to-noise ratio.
Partner with incident response teams to provide detection insights, improve alert fidelity, and support investigation workflows.
Maintain and enhance the organization’s detection repository within SIEM and detection platforms, ensuring content stays current with evolving attack techniques.
Develop and refine Data Loss Prevention (DLP) detection policies and monitoring use cases to protect sensitive data and support compliance requirements.
Identify detection gaps and raise risks, working with engineering and security stakeholders to prioritize remediation and improvements.

Requirements

Bachelor's degree in computer science, Information Security, or a related field (or equivalent practical experience).
At least 5 years of experience in cybersecurity with a strong focus on detection engineering, threat hunting, Security Operations Center operations, or incident response.
Experience working with or alongside Red Team/Purple Team activities.
Strong knowledge of Security Information Event Management platforms, log pipelines, and detection engineering workflows.
Proficiency in scripting or programming languages such as Python, PowerShell, or Bash.
Familiarity with adversary tactics, techniques, and procedures (Tactics Techniques Procedures), MITRE ATT&CK, and detection engineering frameworks.
Experience with cloud environments and cloud-native attack/detection strategies (e.g., AWS, Azure, GCP).
Relevant certifications (e.g., GCDA, GCFA, GCFR, GCIH, GREM, OSCP) are a plus but not required.
Experience with Version Control Systems (VCS) (GitHub)
Experience working with SIGMA, YARA, and detection query language structures.

Benefits

health insurance
wellness and family support programs
life and disability insurance
retirement savings plans
paid leave programs
education related programs
paid holidays and vacation time

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

detection engineeringthreat huntingincident responseSecurity Information Event Managementlog pipelinesscriptingprogrammingData Loss Preventioncloud-native attack strategiesdetection query language

Soft Skills

collaborationcommunicationproblem-solvinganalytical thinkingattention to detail

Certifications

GCDAGCFAGCFRGCIHGREMOSCP