Position Summary

Deepwatch is seeking a Detection Engineer to join our Threat Detection & Research team and help strengthen detection capabilities across customer environments. Reporting to the Sr. Manager, Threat Detection & Research, this role is responsible for developing, tuning, validating, and optimizing cybersecurity detections that improve visibility into evolving threats and enhance the effectiveness of our MDR operations.

This role is ideal for a cybersecurity professional with strong analytical skills, hands-on SIEM experience, and a passion for threat detection engineering. You will work closely with Security Operations, Threat Research, Customer Success, and Engineering teams to improve alert fidelity, reduce false positives, and ensure high-quality detection coverage aligned to modern attacker behaviors and customer security priorities.

In this role, you’ll get to:

• Develop and document new Detection Capabilities for customer environments
• Work with customers to develop a comprehensive strategy for effective detections 
• Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
• Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
• Confidently prioritize log sources for ingestion and enablement
• Evaluate current monitoring and detection capabilities to identify areas for improvement
• Conduct Detection Gap Analyses 
• Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
• Detection Enablement
• Detection Effectiveness (Tuning, Validation, etc.)
• Detection Creation
• Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
• Ensure ingested log sources conform to CIM standards

To be successful in this role, you’ll need:

• 3–5 years of experience in cybersecurity, detection engineering, threat detection, or security operations
• Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
• Experience working and querying SIEM tools or other log-based data preferably Splunk
• Experience in engineering event detection & response tuning
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Up to date with engineering best practices, security technology trends, tools, and frameworks
• Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
• Able to both investigate and create security rules in at least 1 SIEM
• Understanding of general enterprise network architecture and security incident response
• Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
• Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
• Ability to communicate and document technical information effectively towards various audiences

Why Deepwatch?

• Mission-driven company focused on protecting customers from threats 24/7
• Hybrid work model in India, with access to collaborative office space in Bangalore
• High-impact leadership role with strong visibility across Product & Engineering
• Competitive compensation, equity, and benefits
• A company recognized as a Great Place to Work® for five consecutive years
• Opportunity to shape the future of cybersecurity and AI-driven platforms