The incumbent will be responsible for designing, implementing, and maintaining security detection capabilities across our organization's infrastructure and applications. This role bridges security operations and development teams to build automated, scalable detection systems that identify potential security threats early. Working within a DevSecOps framework, the Detection Engineer will help embed security throughout the development lifecycle while maintaining robust threat detection capabilities in production environments.
Key Responsibilities:
- Design and implement detection rules and alerts across security tools including SIEM, EDR, and cloud security platforms
- Create reproducible detection engineering workflows using infrastructure as code and CI/CD pipelines
- Develop and maintain security monitoring use cases based on current threat intelligence and known attack patterns
- Implement Detection as Code practices to version control, test, and deploy detection rules
- Configure and optimize SIEM and SOAR platforms to improve detection capabilities and response workflows
- Conduct threat hunting activities to proactively identify potential security incidents
- Reduce false positives through continuous tuning and refinement of detection capabilities
- Collaborate with development teams to integrate security monitoring into application architecture
- Automate security response workflows for common threat scenarios
- Document detection strategies, processes, and procedures
- Review and validate security alerts to determine appropriate response actions
- Stay current with emerging threats and attack techniques
Knowledge:
- Advanced understanding of attack methodologies, TTPs, and the MITRE ATT&CK framework
- Deep familiarity with log sources and event data across operating systems, network devices, and cloud platforms
- Comprehensive knowledge of security monitoring technologies (SIEM, EDR, NDR, XDR)
- Strong understanding of SIEM architecture, rule development, and SOAR playbook creation
- Proficiency in Amazon Web Services infrastructure, services, and security controls
- Understanding of Detection as Code methodologies and best practices
- Understanding of common security frameworks (NIST, CIS, ISO 27001)
- Awareness of DevOps principles and CI/CD workflows
- Knowledge of compliance requirements relevant to the organization's industry
- Understanding of cloud security architecture in major platforms (AWS, Azure, GCP)
Skills:
- Proven experience implementing and managing SIEM solutions (e.g., Splunk, Elastic, QRadar, Microsoft Sentinel)
- Demonstrated experience with SOAR platforms and automated response workflows
- Hands-on experience with AWS security services (GuardDuty, Security Hub, CloudTrail, CloudWatch)
- Proficiency in Detection as Code practices using tools like Panther, Sigma, or similar frameworks
- Experience building, testing, and deploying detection rules through CI/CD pipelines
- Proficiency in at least one programming language such as Python, Go, or PowerShell
- Experience with infrastructure as code tools (Terraform, CloudFormation, etc.)
- Strong data analysis and pattern recognition abilities
- Expertise in log parsing, normalization, and correlation techniques
- Experience with query languages used in security tools (KQL, SPL, etc.)
- Ability to develop and implement detection logic using YARA, Sigma, or similar rule formats
- Practical experience with Git and version control for detection rule management
- Skilled in using and integrating APIs for security tooling
- Strong documentation and technical writing abilities
- Excellent communication skills to explain complex security concepts to various stakeholders