Senior SIEM Detection Engineer

Thinkahead Consultant Psychologist Pty Ltd

Senior SIEM Detection Engineer developing high-fidelity detection content for AHEAD's managed security clients. Driving continuous improvement and enhancing detection capabilities across client environments.

Posted 5/4/2026full-timeRemote • 🇺🇸 United StatesSenior💰 $120,000 - $150,000 per yearWebsite

Tech Stack

Tools & technologies

ElasticSearchFirewallsLogstashPython

About the role

Key responsibilities & impact

Lead and perform detection content development within the SIEM platform (Elastic, Palo XSIAM, Crowdstrike), including:
Creation, tuning, and lifecycle management of detection rules, correlation rules, and analytic stories/use cases
Definition and maintenance of data models, normalization, and enrichment required to support high‑quality detections
Mapping detections to frameworks such as MITRE ATT&CK where applicable
Identify gaps in detection coverage based on incident trends, threat intelligence, and hunt activities
Reduce false positives and improve alert signal‑to‑noise ratio through iterative tuning
Translate playbooks and incident response workflows into robust, testable detection.
Monitor and manage the health and performance of SIEM detection content, including:
Tracking detection firing patterns, volumes, and performance impact.
Conducting post-incident reviews to refine detections and create new coverage.
Ensuring detections remain aligned with client use cases, risk profiles, and contracted scope.
New and existing detections are prioritized based on risk, impact, and available data
Partner with AHEAD Managed Security and client resources in the design and implementation of new data visualizations and detection rules, including:
Building dashboards, visualizations, and investigative views that support triage and hunting
Collaborate with AHEAD Managed Security SOAR (Swimlane) engineering resources to:
Integrate SIEM detections with SOAR workflows for enrichment, triage, and response
Continuously improve incident investigation workflows and automation quality based on detection output
Engage with client security and IT infrastructure teams for new data source onboarding activities, including:
Defining logging, parsing, normalization, and enrichment requirements to support current and planned detections
Validating that ingested data is complete, normalized, and usable for detection engineering
Tune rules, filters, and policies across SIEM and related security technologies (IDS, EDR, firewalls, etc.) to:
Improve accuracy, visibility, and coverage while minimizing noise
Ensure consistent correlation and context across multiple technologies
Perform data mining and exploratory analysis of log sources to:
Uncover and investigate anomalous activity and potential undetected attack patterns
Identify new detection opportunities and support proactive threat hunting
Assist with the development and improvement of processes and procedures for:
Detection lifecycle management (design, testing, deployment, monitoring, retirement)
Improving incident response times, incident quality, and overall Managed Security functions
Participate in client-facing security meetings to:
Explain detection strategy, coverage, and improvements.

Requirements

What you’ll need

Experience with Elastic Security and its core components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent), with a focus on detection engineering, rule creation, and data modeling
Strong SIEM administration and configuration experience, particularly around detection use cases, correlation logic, and alert workflows
Experience writing tools or scripts to automate detection-related tasks, data quality checks, and integrations in Python or similar languages
Demonstrated ability to think creatively and build elegant detection solutions to complex security problems
Excellent verbal and written communication skills, including the ability to communicate detection logic and findings to both technical and non‑technical stakeholders
Incident handling/response experience, with a focus on using detections to support and improve IR workflows
Desire to work both independently and collaboratively with a larger managed services and client team
A strong appetite for learning, experimentation, and continuous improvement in detection engineering
2–4 years of experience in Security Detection Engineering, Security Automation, or related disciplines
Hands-on experience with common security technologies: IDS, Firewall, SIEM, SOAR, EDR, endpoint and network security tools
Knowledge of common security analysis tools & techniques, including log analysis, correlation, and anomaly detection
Understanding of common security threats, attack vectors, vulnerabilities, and exploits, and how they manifest in telemetry
Strong regular expression skills and familiarity with query languages used in SIEM platforms
Customer service focused and portrays energy, professionalism, and welcoming characteristics
Strong ability to work in a highly sensitive and confidential environment
Ability to meet deadlines and perform effectively under pressure
Ability to identify issues and help develop strategic and tactical plans for Managed Security and detection-related initiatives
Ability to use good judgment and decision-making skills in ambiguous or complex detection and incident scenarios.

Benefits

Comp & perks

Medical, Dental, and Vision Insurance
401(k)
Paid company holidays
Paid time off
Paid parental and caregiver leave
Plus more! See benefits https://www.aheadbenefits.com/ for additional details.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

detection content developmentdetection rulescorrelation rulesdata modelingdetection engineeringPythonlog analysisanomaly detectionregular expressionsquery languages

Soft Skills

communication skillscreative thinkingcollaborationcustomer serviceprofessionalismability to work under pressureproblem-solvingstrategic planningdecision-makingadaptability