Sr. Information Security Detection Engineer

Pennymac
Posted 27 days ago · $90,000 - $150,000 · Remote

About The Position

The Pennymac Information Security department is looking to bring on a Sr. Detection Engineer to drive our Threat Detection and Response efforts. You will specialize in developing sophisticated signatures, queries, alerts, and dashboards to detect and neutralize cyber threats in a complex cloud environment while focusing on the SOC analyst experience.

The Sr. Detection Engineer will:

  • Design, develop, test, and deploy high-quality detection rules using version control systems (e.g., Git) and CI/CD pipelines.
  • Drive the overall detection engineering lifecycle including processes, improvements, and innovations.
  • Use inputs from Threat Intelligence (TI) and threat modeling exercises to identify critical detection gaps.
  • Maintain a comprehensive risk detection coverage mapping to communicate current coverage and show improvements.
  • Serve as the primary author and reviewer of new detectors, ensuring proper documentation and testing.
  • Continually observe the performance of existing detectors and tune them to reduce false positives and ensure they remain valuable.
  • Leverage AI/ML capabilities to enhance the detection engineering lifecycle and identify anomalies.
  • Partner with the Security Engineering team to configure, maintain, and optimize security monitoring tools to ensure maximum data ingestion quality and search performance.

Incident Response & Operations Support

  • Act as a tier-2 technical escalation point for the L1 SOC, providing expertise in triage, root cause analysis, and remediation planning for complex security alerts.
  • Perform in-depth host and network analysis across various environments with a primary focus on Windows, Cloud (AWS, Azure, GCP), and SaaS technologies.
  • Execute the full IR lifecycle and lead incident handling during major security events.
  • Serve as a technical escalation point for complex or novel security incidents.
  • Develop and review Standard Operating Procedures (SOPs), playbooks, and other documentation for the IR team.
  • Provide thought leadership on strategic objectives such as processes, technologies, and exercises.
  • Mentor and train junior and mid-level incident responders on advanced techniques, tools, and best practices.

Requirements

  • Deep understanding of hacking techniques and tools, including reconnaissance, scanning, exploitation, evasion, lateral movement, and persistence.
  • Strong understanding of MITRE ATT&CK Framework.
  • Strong understanding of all phases of security incident handling and forensics, including probing and attack methods, network/service discovery, system assessment, threat containment/eradication, and conducting retrospectives to drive operational improvement.
  • Strong understanding of network technologies including TCP/IP, IDS/IPS, firewalls, LAN, WLAN, and WAN.
  • Expert understanding of AWS IaaS/PaaS, Linux, Windows Server, Windows Desktop, VMware, containers, and macOS.
  • Experience operating and maintaining SIEM technology and providing feedback to engineering teams to continually improve technology capabilities.
  • Strong written and verbal communication.
  • Ability to self-start and spearhead initiatives with minimal direction and oversight.

Nice To Haves

  • Past experience in a Cyber Security Operations Center as a Security Analyst.
  • 2+ years of experience in Python and/or other scripting languages to automate common tasks and/or response actions.
  • Experience with Snowflake or similar data lake technology.

Benefits

  • Comprehensive Medical, Dental, and Vision
  • Paid Time Off Programs including vacation, holidays, illness, and parental leave
  • Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations)
  • Retirement benefits, life insurance, 401k match, and tuition reimbursement
  • Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc