AlphaSense is a market intelligence company that empowers professionals to make smarter decisions through AI-driven insights. The Senior Detection and Response Engineer role is critical for enhancing the organization's defensive security capabilities, focusing on detection engineering, automation, and threat hunting initiatives.
Responsibilities:
- Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)
- Lead detection strategy and architecture aligned with the Detection Quality frameworks
- Write high-fidelity detection rules using languages like SIGMA and YARA-L
- Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
- Conduct detection gap analysis to identify coverage opportunities across the kill chain
- Create and maintain detection playbooks, runbooks, and comprehensive documentation
- Perform detection quality assessments and continuous improvement initiatives
- Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
- Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
- Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
- Develop automated containment actions (account disable, host isolation, firewall rule updates)
- Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency
- Handle Incident Response processes and procedures as needed
- Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning
- Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms
- Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity
- Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor
- Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns
Requirements:
- 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
- Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
- Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
- Proven experience designing and implementing SOAR platform architecture from concept to production
- Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
- Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
- Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
- Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
- Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
- Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
- Experience with YARA-L
- Deep familiarity with Detection Frameworks and detection engineering quality frameworks
- Proven track record implementing SOAR platforms from architecture through operationalization, with experience evaluating multiple platforms
- Advanced knowledge of CrowdStrike Falcon platform including custom IOA rules
- Background in purple team activities, adversary emulation, or red teaming
- Experience with CI/CD practices for detection-as-code and automation-as-code
- Contributions to open-source security projects or security certifications (GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent)
- Knowledge of security data lakes (Snowflake, BigQuery) and experience with threat intelligence platforms (TIP)
- Published research, blog posts, or conference presentations on detection engineering, automation, or threat hunting topics