Job Summary

As a Detection Engineer Specialist, you will leverage your extensive expertise in threat detection, security analytics, and automation to design, implement, and manage advanced detection and response capabilities across the organization’s security monitoring ecosystem. This role is responsible for the end-to-end lifecycle of detection engineering, including the development, tuning, and optimization of detections within Security Information and Event Management (SIEM) platforms, as well as the design and governance of Security Orchestration, Automation, and Response (SOAR) playbooks and automation workflows.

You will serve as a technical leader with deep hands-on proficiency in SIEM, SOAR, and security automation technologies, applying detection engineering best practices to improve alert fidelity, reduce mean time to detect and respond, and enable scalable, repeatable incident handling. This role requires strong analytical and problem-solving skills, the ability to translate threat intelligence and incident learnings into actionable detections and automations, and close collaboration with the incident response team, platform engineers, and third-party security partners.

You are expected to work independently with minimal supervision, take ownership of complex initiatives, and provide technical mentorship and training to team members. You will play a key role in shaping detection and automation strategy, ensuring operational resiliency, and continuously enhancing the organization’s overall security posture.


Essential Functions

• Lead the design and implementation of SIEM and SOAR solutions, ensuring they meet the organization’s security requirements and industry best practices.
• Lead the development and implementation of advanced detection strategies to identify potential security threats and vulnerabilities.
• Work closely with other security teams to integrate detection capabilities with overall security operations, including customization, and optimization of detection rules.
• Perform advanced threat detection, analysis, and correlation using various detection tools and techniques to identify and mitigate security threats.
• Collaborate with the Incident Response, Threat Intelligence, and Threat Hunting teams to analyze and respond to security threats, providing expert guidance on detection-related issues.
• Develop and maintain documentation for detection engineering practices on how to create and refine detection use cases and techniques.
• Proactively identify new detection opportunities and improve existing detection methodologies using threat models and frameworks that ensure a comprehensive detection strategy and rule set. 
• Maintain comprehensive documentation of detection configurations, processes, and activities.
• Provide technical leadership and mentorship to the Incident Response, Threat Intelligence, and Threat Hunting teams. 

• Develop and accumulate lessons learned documentation from incidents to identify controls and new detections to prevent identified malicious activity from reoccurring.

   

Qualifications

• H.S. Diploma or GED required
• Associate Degree or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems, or related field preferred
• Deep knowledge of typical IT platforms, operating systems, and configuration methods
• Deep knowledge of security threat tactics, techniques, and procedures (TTPs), incident response methodologies, and detection techniques
• Extensive experience with detection technologies (e.g., IDS/IPS, SIEM) and threat detection practices.
• 5+ years of IT or Information Security experience, including 3+ years SIEM Management or Detection Engineering experience
• Preferred: 
  • Industry recognized cyber security training or certifications to include SANS, ISC2, EC-Council or CompTIA vendors
  • Familiarity with MITRE ATT&CK, Cyber Kill Chain, and other threat modeling frameworks
  • Experience in scripting and automation (e.g., Python, PowerShell) for security operations