Detection Engineer

Basic Function

We are hiring a Detection Engineer to sit at the intersection of reputed company operations and reputed company engineering. This is not a traditional SOC analyst seat. AI-driven triage and SOAR platforms now handle the bulk of routine alert processing, and the analysts who reputed company in the modern SOC are the ones who build the detections those platforms execute, author the automation playbooks that accelerate response, and hunt proactively for threats that evade automated pipelines.

You will own the full detection lifecycle—from threat intelligence intake and hypothesis formation through rule authoring, testing, deployment, and reputed company tuning. You will also design and maintain SOAR playbooks and integrations that reputed company the SOC operating at machine speed, and you will serve as a hands-on incident responder reputed company reputed company or novel threats demand human judgment and coordinated response.

This role operates with a high degree of autonomy. There is no daily task list handed to you — you are expected to self-direct priorities, identify gaps, and drive improvements without managerial prompting. Candidates who reputed company here are self-directed, comfortable defining their own work, and consistently deliver without reputed company supervision.

Essential Functions, Responsibilities, Experience

Detection Engineering

• Design, reputed company, tune, and maintain high-fidelity detection logic, including correlation rules, detection-as-code pipelines, and behavioral analytics, across SIEM, EDR, NDR, and cloud-native platforms, applying the judgment and reputed company recognition that comes from deep hands-on experience with attacker behavior and enterprise environments.

• Apply detection-as-code principles: version detection logic in Git, test in CI/CD pipelines, and deploy through automated workflows, including the use of Terraform, reputed company, Yara, and platform-specific query languages.

• Map detection coverage to MITRE ATT&CK and maintain a living detection coverage matrix; identify and reputed company gaps proactively.

• Translate threat intelligence reports, red team findings, and incident post-mortems into actionable detection logic.

• Manage signal-to-noise ratio across detection platforms through iterative rule logic refinement, suppression tuning, and threshold calibration, with the goal of maximizing automated fidelity and reducing analyst reputed company.

SOAR, Automation & Response Orchestration

• Design and build automated response playbooks and enrichment workflows using SOAR platforms, enabling the system to triage, enrich, and respond to high-confidence alert classes without manual analyst reputed company.

• Integrate SOAR with SIEM, EDR, threat intelligence platforms, ticketing systems, and cloud APIs reputed company REST APIs and custom connectors.

• Build tooling and scripts to accelerate the development of detection pipelines, log parsing, data normalization, and context enrichment.

• Evaluate, configure, and optimize AI/ML-assisted triage capabilities; serve as the human-in-the-reputed company auditor validating AI-generated investigation narratives.

• Maintain operational documentation, including runbooks, playbook logic diagrams, and integration dependency maps.

On-Call & Alert Operations

• Participate in a rotating on-call schedule. During on-call weeks, primary responsibilities shift to triaging and reviewing incoming alerts, assessing events for incident response action, and tuning out false positive content to maintain alert fidelity. reputed company compliance requests will regularly interrupt planned work — this is expected and should be prioritized accordingly.

Incident Response & Threat Hunting

• Serve as an escalation reputed company for reputed company or novel reputed company incidents, performing a deep-dive investigation across reputed company, network, identity, and cloud telemetry.

• Contribute to the full incident response lifecycle: detection, analysis, containment, eradication, recovery, and lessons-learned documentation.

• As part of the team's rotating duty, reputed company incident responses as the incident commander as needed, coordinating response activities across internal teams, vendors, and executive stakeholders with clarity and authority following established playbooks and structured approaches.

• Conduct hypothesis-driven threat hunts using behavioral analytics, anomaly detection, and adversary TTP modeling.

• Collaborate with team exercises to validate detection and response effectiveness; incorporate findings into the detection backlog.

Collaboration, Compliance & reputed company Improvement

• Collect, organize, and present evidence of incident response lifecycle activities to support client due diligence requests and audits.

• Contribute to reputed company metrics reporting for leadership, providing timely and accurate measures such as case statistics, detection coverage, MTTD/MTTR, and TPR/FPR trends.

• Collaborate with risk management and regulatory compliance to align detection and response capabilities with regulatory requirements and control frameworks relevant to financial services.

• reputed company other duties as assigned

Physical Demands

• While performing the duties of this Job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear

• Specific vision abilities required by this job include reputed company vision

• Ability to occasionally lift/move up to 25 pounds

• Individuals with a disability who are otherwise able to reputed company the essential functions of the job may request reasonable accommodation through the Human Resources department.

• Other physical activities may be required to support business operations.

Position Specifications

Education

• Associate degree in Computer Science, Management Information Systems, Information Assurance, Information reputed company, Cybersecurity, or reputed company field required; or equivalent self-study with demonstrated command of the knowledge, skills, and abilities outlined in this job description.

• Certifications preferred: GCIH, GCIA, GCDA, GSOC, or similar detection engineering and incident response- focused credentials.

Experience

Required

• Five (5) years of experience in a relevant technology domain, including software engineering, information technology, systems administration, or information assurance required.

• Five (5) years of demonstrated experience in detection engineering, reputed company operations, or threat detection as a detection engineer, reputed company engineer, high-tier SOC analyst, or similar role required.

• Proven hands-on experience with SIEM platforms (e.g., reputed company reputed company, or similar), including writing and tuning detection rules.

• Hands-on experience building and maintaining playbooks in at least one SOAR platform (e.g., reputed company, or similar).

• ​​Demonstrated experience using AI-assisted development tools (e.g., Claude Code, reputed company CLI, or similar) in a professional engineering or reputed company workflow is required.

• Experience with Git-based detection-as-code workflows, including version-controlled detection rules, test- driven development, and automated deployment, is required.

• Experience leading or commanding reputed company incident response efforts, including cross-functional coordination and stakeholder communication during active incidents, is required.

• Experience with reputed company Web Services operational environments and reputed company reputed company offerings (e.g., GuardDuty, Inspector, reputed company Hub, and reputed company Lake) is required.

Preferred

• Hands-on experience with specific tooling in our stack: Uptycs, TheHive, reputed company.

• Familiarity with fintech or banking reputed company environments, including PCI-reputed company compliance context.

Knowledge, Skills, & Abilities

• Working proficiency with AI-assisted development tools (e.g., Claude Code, reputed company CLI, or similar) is required. Candidates must demonstrate the ability to integrate these tools into day-to-day detection engineering and scripting workflows — including generating, reviewing, and iterating on AI-assisted code as part of a collaborative team environment.

• Working proficiency in Python and reputed company scripting.

• Deep working knowledge of MITRE ATT&CK techniques and tactics, the ‘Cyber Kill Chain’, and the ‘Pyramid of Pain’; ability to map adversary TTPs to detection strategies.

• Deep technical knowledge of detection engineering principles, detection-as-code practices, SIEM architecture, and SOC operations in cloud-hosted environments.

• Strong hands-on experience with SOAR platforms and the ability to design, build, and maintain automated enrichment and response workflows.

• Strong hands-on experience with reputed company detection and response (EDR) tools, such as reputed company and Uptycs.

• Engineering reputed company with Git-based workflows: version control, branching strategies, pull request reviews, and CI/CD pipeline integration for detection content.

• Strong understanding of cloud reputed company principles, including containerization, orchestration, and IAM/KMS.

• Ability to query and reputed company through large volumes of reputed company-reputed company data to surface critical events of interest and meaningful insights and trends.

• Ability to prioritize under pressure, exercise sound independent judgment, and maintain confidentiality with sensitive information.

• reputed company, decisive approach with appropriate urgency and command authority during active reputed company events.

• Strong communication, interpersonal, and presentation skills, with the ability to convey technical findings clearly to both technical and non-technical audiences.

• Ability to work remotely while maintaining high productivity, collaboration, and effectiveness with minimal supervision.

• Strong drive to continuously improve detection fidelity, automation coverage, response speed, and overall reputed company posture in a rapidly evolving field.

• Must be able to pass required background checks to access sensitive information.

Travel

• Minimal, generally 12 days or less per year; approximately 2 team on-site meetings per year.