Keeper Security, Inc.Remote
Senior Detection Engineer (SIEM / Security Observability)
United States of America
Full Time
1 week ago
H1B Sponsor Likely
Key skills
Detection engineeringSIEM engineeringSecurity observabilityDatadogSentinelOneSplunkMicrosoft SentinelElasticDetection rule developmentCorrelation logicAlert tuningSecurity telemetryLog parsingLog normalizationLog enrichmentPipeline managementCloud environmentsAWSPythonPowerShellMITRE ATT&CK frameworkAnalyticsSaaS
About this role
Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. As a Senior Detection Engineer, you will build and operate the detection and telemetry capabilities that power security visibility across Keeper’s production and corporate environments.
Responsibilities:
- Design, build, and maintain detection and telemetry capabilities across Datadog, SentinelOne, and Wiz
- Develop, test, and tune high-fidelity detection rules aligned to real-world attack scenarios and adversary behaviors
- Continuously improve alert quality by reducing false positives, eliminating noise, and increasing detection accuracy
- Implement and mature detection-as-code practices for scalable, version-controlled, and testable rule management
- Define and enforce logging, telemetry, and instrumentation standards across cloud infrastructure, applications, endpoints, and identity systems
- Build and optimize log ingestion, parsing, normalization, enrichment, and retention pipelines
- Automate onboarding of new data sources and improve telemetry coverage across production and corporate environments
- Correlate signals across SIEM, EDR, cloud, identity, and security tooling to improve detection depth and investigation quality
- Partner with Security Operations to improve triage workflows, incident response readiness, and escalation quality
- Build dashboards, analytics, and reporting that support operational decision-making across Security, SRE, and Engineering
- Map and maintain detection coverage against MITRE ATT&CK and help identify visibility gaps
- Perform detection gap assessments and evolve use cases based on threat intelligence, threat hunting, and emerging risks
- Collaborate with cloud, infrastructure, product, and compliance teams to strengthen secure logging and observability patterns throughout the software development lifecycle
Requirements:
- 5–8+ years of experience in detection engineering, SIEM engineering, security engineering, or security observability
- Hands-on experience with SIEM, security analytics, or observability platforms, such as Datadog, SentinelOne, Splunk, Microsoft Sentinel, Elastic, or similar tools
- Experience building, tuning, and maintaining detection rules, correlation logic, and alerting workflows
- Strong understanding of security telemetry across cloud, endpoint, identity, and application environments
- Experience with log parsing, normalization, enrichment, and pipeline management
- Strong knowledge of cloud environments, with AWS preferred
- Proficiency in scripting or automation using Python, PowerShell, or similar
- Solid understanding of modern detection strategies, attacker behaviors, and the MITRE ATT&CK framework
- Ability to work cross-functionally with Security Operations, Engineering, Infrastructure, and SRE teams
- Experience with Datadog Cloud SIEM, SentinelOne, Wiz, or similar modern security platforms
- Experience with observability concepts including logs, metrics, traces, and instrumentation
- Experience with SOAR, workflow automation, or response orchestration
- Familiarity with Sigma or other detection-as-code frameworks
- Experience in high-scale SaaS, cloud-native, or security product environments
- Familiarity with zero-trust architectures, identity-centric security, and privileged access management