Your Day-to-Day
- Develop and fine-tune threat detection logic within SIEM platforms by correlating telemetry from diverse log sources to identify suspicious activity.
- Design, build, and maintain SOAR playbooks and automation workflows to streamline response and scale incident handling.
- Collaborate with product and infrastructure teams to understand application architecture and operational environments, enabling the development of context-aware detection rules.
- Conduct regular threat hunts and leverage intelligence to uncover anomalous behavior, misconfigurations, or emerging risks.
- Integrate and correlate internal and external threat intelligence to support broader detection strategies and response readiness.
- Create and maintain scalable frameworks and documentation to enable continuous contribution and improvement across the detection program.
- Engage with development and platform teams to provide proactive guidance on securing new features and infrastructure.
- Report on detection trends, effectiveness metrics, and key findings, translating technical insights into actionable recommendations for stakeholders.
Core Responsibilities
- Translate threat actor TTPs (e.g., MITRE ATT&CK) into reliable, high-fidelity detections.
- Tune and maintain alerting rules across SIEM, EDR, and cloud-native tools to minimize false positives.
- Identify visibility gaps and partner with platform teams to improve data collection and normalization.
- Participate in validation exercises, including red and purple team simulations, to assess and improve detection coverage.
- Support the full lifecycle of detection development — from idea to deployment, tuning, and documentation.
What You Bring
- 5+ years of experience in cybersecurity, with a focus on detection engineering, threat hunting, or security automation.
- Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR solutions (e.g., CrowdStrike, SentinelOne).
- Proficiency in SIEM query languages like SPL or KQL.
- Strong understanding of attacker behavior, threat modeling, and adversary simulation techniques.
- Familiarity with scripting (Python, PowerShell, etc.) and automation in the context of security operations.
- Excellent collaboration and communication skills with the ability to convey complex security concepts to diverse audiences.
Travel Percent:
The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .
The US national annual pay range for this role is $143,500 to $212,850
Our Benefits:
Any general requests for consideration of your skills, please