Design, develop, and tune high-fidelity detection rules (SIEM content) based on the MITRE ATT&CK framework to identify malicious activity across our ecosystem (Endpoints, Cloud, Network)
Validate alerts and serve as the primary escalation point for the MDR and SOC for ~20% of your time
Partner with infrastructure teams to validate log ingestion health and enforce data retention lifecycles
Lead the engineering effort to ingest data from new tools into the SIEM
Collaborate with our Managed Detection and Response (MDR) providers to translate raw data into actionable alerts
Proactively test detection rules against known attack vectors
Requirements
3+ years of proven experience in SIEM Content Development or Detection Engineering
Bachelor of Science in CIS/MIS/CS/CE, Engineering, or related field (or equivalent experience)
Possess DoD 8570/8140-recognized certifications for CSSP Analyst or Infrastructure Support, such as GCIA, GMON, GCDA, CEH, or CySA+
Proficiency in SIEM-specific content development (e.g., writing advanced queries in SIEM, creating dashboards, and building correlation searches)
Strong scripting skills (Python, Bash, or PowerShell) for API integration and data manipulation
Deep understanding of information security principles, cryptographic methods, and network protocols (TCP/IP, DNS, HTTP/S)