SoTalent is seeking a highly skilled Senior Detection Engineer to lead advanced detection initiatives and strengthen threat coverage. This role involves partnering with SOC, Incident Response, and Threat Intelligence teams to deliver high-quality analytics that reduce risk and drive operational outcomes.
Responsibilities:
- Lead end‑to‑end development of multi‑signal detections across endpoint, identity, network, and cloud/SaaS environments
- Build analytics using tools like Splunk (SPL), Microsoft Sentinel/Defender (KQL), FortiNDR Cloud (IQL), and Databricks SQL
- Transform threat intel (IOCs, TTPs, ATT&CK insights) into durable, production‑ready detections
- Convert vetted Sigma rules into SPL/KQL where applicable
- Drive detection‑as‑code practices including version control, change notes, CI/CD pipelines, and suppression logic
- Champion replay/backtesting to improve detection precision, recall, and signal quality
- Maintain reusable content libraries, curated views, and operational documentation
- Lead data onboarding and schema alignment to ensure analytics accuracy and completeness
- Define coverage strategies that address priority threats and control gaps
- Partner with platform teams to optimize telemetry quality, availability, and resilience
- Work hand‑in‑hand with SOC and IR teams to tune, validate, and improve detection fidelity
- Convert hunts into lasting detections and support validation efforts such as purple‑team exercises
- Develop training and tabletop exercises to strengthen analyst capabilities
- Identify automation and workflow improvement opportunities across security operations
- Provide guidance and peer reviews for junior detection engineers
- Support sprint planning and contribute to roadmap, standards, and governance for the detection engineering program
Requirements:
- Bachelor's degree in a technical or analytical field, or equivalent practical experience
- 4–6 years of relevant security experience
- 3+ years in detection engineering or SOC/IR roles focused on analytics development
- Proficiency with SPL, KQL, and at least one of IQL or Databricks SQL
- Strong understanding of IOCs, TTPs, and ATT&CK‑aligned coverage
- Hands‑on experience with detection‑as‑code, versioning, change control, and backtesting
- Ability to collaborate effectively across SOC, IR, and Threat Intel teams
- Experience integrating detections with identity/data exposure tools
- Exposure to purple‑team or detection validation exercises
- Familiarity with Microsoft cloud and endpoint telemetry (Azure activity and sign-in logs, Entra ID, Microsoft Defender for Endpoint/MDE) and with NDR traffic analysis
- Contributions to detection libraries, runbooks, or KPI frameworks
- CTIA, CISM, CISSP, GCTI, or similar security certifications