What You Will Bring / Key Responsibilities 

• Design, develop, and maintain detection rules, alerts, and analytics to identify cybersecurity threats across endpoints, network, identity, cloud, and application platforms. 

• Collaborate with threat intelligence, threat hunting, and security operations teams to understand emerging threats and translate TTPs into actionable detections. 

• Continuously monitor the threat landscape and proactively recommend improvements to detection coverage and methodology. 

• Validate, test, and tune detection content to reduce false positives and improve accuracy, performance, and signal-to-noise ratio. 

• Partner with incident response teams to provide detection insights, improve alert fidelity, and support investigation workflows. 

• Maintain and enhance the organization’s detection repository within SIEM and detection platforms, ensuring content stays current with evolving attack techniques. 

• Develop and refine Data Loss Prevention (DLP) detection policies and monitoring use cases to protect sensitive data and support compliance requirements. 

• Identify detection gaps and raise risks, working with engineering and security stakeholders to prioritize remediation and improvements. 

• Stay current on cybersecurity tools, frameworks, and adversary techniques to continuously evolve detection engineering practices. 

• Contribute technical guidance and peer mentorship, helping uplift detection quality and engineering standards across the team. 

Additional Job Description 

More About This Role 

This role is ideal for a hands-on detection engineer who enjoys building and tuning security analytics, collaborating across teams, and proactively improving security posture. You will have meaningful influence on detection coverage and technical direction without formal people management responsibilities. 

Job-Specific Requirements 

• Bachelor's degree in computer science, Information Security, or a related field (or equivalent practical experience). 

• At least 5 years of experience in cybersecurity with a strong focus on detection engineering, threat hunting, Security Operations Center operations, or incident response. 

• Experience working with or alongside Red Team/Purple Team activities. 

• Strong knowledge of Security Information Event Management platforms, log pipelines, and detection engineering workflows. 

• Proficiency in scripting or programming languages such as Python, PowerShell, or Bash. 

• Familiarity with adversary tactics, techniques, and procedures (Tactics Techniques Procedures), MITRE ATT&CK, and detection engineering frameworks. 

• Experience with cloud environments and cloud-native attack/detection strategies (e.g., AWS, Azure, GCP). 

• Strong analytical and problem-solving skills with a creative approach to detection design. 

• Excellent collaboration and communication skills with the ability to work cross-functionally with security and engineering teams. 

• Relevant certifications (e.g., GCDA, GCFA, GCFR, GCIH, GREM, OSCP, CISSP) are a plus but not required. 

• Experience with Version Control Systems (VCS) (GitHub) 

• Experience working with SIGMA, YARA, and detection query language structures.