Arcova is a global cybersecurity and AI consulting firm dedicated to delivering comprehensive solutions that strengthen resilience and protect critical assets. They are seeking a Senior Detection Engineer to develop, implement, and tune detections and alerting logic, conduct proactive Threat Hunts, and collaborate with various teams to support incident response activities.
Responsibilities:
- Develop, implement, and tune detections and alerting logic in common XDR, SIEM, and SOAR platforms across multiple environments
- Design, execute, and report on proactive Threat Hunts using client-native tools and log sources
- Escalate findings from Threat Hunts according to SLA and SOP
- Align activities with major frameworks (e.g., ATT&CK) as necessary
- Develop high-quality client deliverables including reports and presentations based on templates, SOPs, and past examples
- Use Purple Team and Threat Hunt results to create new detections tailored to clients’ particular needs
- Support Incident Response activities across various client environments
- Collaborate with SOC and DFIR teams to assist with investigations (e.g., Root-Point-of-Compromise analysis), build dashboards, and otherwise augment the Cyber Fusion Center’s other services
- Create and maintain documentation as necessary
- Contribute ongoing improvements and/or augmentations to our internal processes
Requirements:
- 5+ years of experience in Security Operations
- 2+ years of experience in Detection Engineering and Threat Hunting
- Experience supporting Digital Forensics & Incident Response activities
- Strong proficiency in Kusto Query Language (KQL)
- Proficiency with Microsoft security platforms (e.g., Defender, Sentinel, Entra, etc.)
- Strong proficiency in Splunk Processing Language (SPL)
- Proficiency with Splunk Enterprise Security
- Strong proficiency with AT LEAST ONE of: Falcon Query Language (FQL), YARA, YARA-L, Python, Go, PowerShell
- Experience in cybersecurity consulting or MSSP environments
- Experience performing incident response activities
- Certifications relevant to Detection Engineering and Threat Hunting (DE&TH)
- Familiarity with threat emulation (e.g., Red/Purple Teaming)
- Strong proficiency with statistical, anomaly-based, and other advanced detection techniques