Original listing text, shown exactly as published by the company.
WHAT YOU WILL BE DOING
Detection Engineering & Content Development
- Design, develop, and deploy advanced detection rules and logic across SIEM, EDR, CSPM, and cloud-native security platforms.
- Build and maintain detection-as-code using modern frameworks and version control systems (Git).
- Create high-fidelity, low-noise detections mapped to the MITRE ATT&CK framework, focusing on cloud-specific threats and techniques.
- Continuously research emerging threats, TTPs (Tactics, Techniques, and Procedures), and translate threat intelligence into actionable detection content.
- Perform detection efficacy testing and validation using purple team exercises and adversary emulation frameworks.
AI & Machine Learning Integration
- Leverage AI/ML capabilities within security platforms to enhance threat detection accuracy and reduce false positives.
- Build and tune machine learning models for anomaly detection, behavioral analytics, and predictive threat identification.
- Integrate generative AI and large language models (LLMs) to accelerate alert triage, investigation workflows, and threat analysis.
- Evaluate and implement AI-powered security tools for automated threat detection, alert enrichment, and investigation assistance.
- Monitor and optimize AI/ML model performance, addressing data quality, model drift, and false positive/negative rates.
Cloud Security Detection & Monitoring
- Act as a Subject Matter Expert (SME) for cloud security detection engineering across AWS, Azure, and GCP environments.
- Design detections leveraging cloud-native logs (CloudTrail, Azure Activity Logs, GCP Audit Logs) and security services (GuardDuty, Security Command Center, Defender for Cloud).
- Build detections for cloud-specific threats including misconfigurations, identity compromise, data exfiltration, and infrastructure attacks.
- Monitor container and Kubernetes environments, developing detections for runtime threats and supply chain attacks.
Security Automation & Orchestration
- Design and implement automated detection deployment pipelines using secure CI/CD methodologies.
- Build custom scripts (Python, PowerShell, Bash) for automated alert enrichment, evidence collection, and response actions.
- Develop and maintain automated response playbooks in SOAR platforms to handle detection-triggered workflows.
- Integrate security tools via APIs to create seamless, automated detection and response ecosystems.
- Identify opportunities to apply automation and AI to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
Continuous Improvement & Collaboration
- Analyze detection performance metrics, false positive rates, and coverage gaps to drive continuous improvement.
- Collaborate with threat intelligence, incident response, and threat hunting teams to refine detection strategies.
- Create and maintain comprehensive documentation for detection logic, tuning procedures, and operational runbooks.
- Provide technical guidance on detection engineering best practices and emerging technologies.
- Stay current with the latest security research, adversary techniques, and AI/ML advancements in cybersecurity.
WHAT YOU BRING
- Bachelor's degree in Computer Science, Information Security, Data Science, or a related field.
- 8-12 years of experience in cybersecurity, with at least 4 years focused on detection engineering, threat detection, or security analytics.
- Strong Cloud Security Detection Skills: Deep, hands-on experience building detections for at least one major cloud provider (AWS, Azure, or GCP), including native security services and log sources.
- AI/ML Security Experience: Practical experience applying machine learning, anomaly detection, or AI-powered tools to security use cases. Understanding of AI/ML model development, tuning, and evaluation.
- Detection Engineering Expertise: Proven track record of creating high-quality detection content using SIEM platforms (Splunk, Azure Sentinel, Chronicle), EDR solutions (CrowdStrike, Microsoft Defender), and cloud security tools.
- Automation & Scripting Proficiency: Strong programming skills in Python (required), with experience in PowerShell or Bash. Ability to build detection pipelines and automation frameworks.
- Technical Depth: Hands-on experience with SOAR platforms, detection-as-code frameworks, log analysis, and data correlation techniques.
- MITRE ATT&CK Mastery: Expert-level understanding of the MITRE ATT&CK framework and its application to detection engineering and threat modeling.
- Analytical Mindset: Strong problem-solving skills with the ability to analyze complex data sets, identify patterns, and translate findings into detection logic.
Good to Have
- Certifications: GIAC Certified Detection Analyst (GCDA), GIAC Cyber Threat Intelligence (GCTI), AWS Certified Security Specialty, Azure Security Engineer Associate, or equivalent.
- Experience with threat intelligence platforms (TIPs) and threat hunting methodologies.
- Knowledge of adversary emulation tools (Atomic Red Team, Caldera, etc.).
- Familiarity with data science tools and frameworks (Jupyter, pandas, scikit-learn).
- Contributions to open-source detection content repositories (Sigma rules, detection rules, etc.).