What are the responsibilities and job description for the Lead Cybersecurity Detection Engineer position at Nesco Resource?
Lead Security Engineer (Detection)
The Lead Cybersecurity Detection Engineer will be part of a team of Detection Engineers that designs, implements, and maintains advanced detection capabilities, protecting the organization from emerging cyber threats. This crucial role will enhance the company's next-generation Cyber Defense practice, enabling rapid threat response and automated remediation. The role involves collaborating with cross-functional Engineering teams, building innovative threat detection and response use cases, and leveraging threat intelligence to proactively monitor emerging threat vectors. The ideal candidate will have expert-level knowledge of SIEM implementation and log ingestion, Incident Response, and Threat Intelligence, and will be data-driven.
Cybersecurity Detection Engineering:
- Design advanced threat detection techniques using tools such as SIEM, EDR, NDR, and SOAR platforms.
- Develop detection-as-code rules and automated remediation, playbooks, and alerts tailored to the organization's threat landscape for enterprise and customer security.
- Leverage industry-standard MITRE frameworks to show detection coverage and gaps.
- Monitor, optimize, and continuously improve detection systems for performance, scalability, and effectiveness.
- Work alongside the Threat Detection and Response team to continuously improve cybersecurity capabilities for identifying, managing, and responding to threats as efficiently and effectively as possible.
- Perform attack simulation testing to validate the efficacy of use cases, and run purple-teaming exercises in collaboration with the Vulnerability Management team.
- Manage and maintain the SIEM/data lake data management and log ingestion infrastructure in collaboration with Cyber Defense Engineering.
- Maintain operational guidelines, diagrams, and documentation for security detection and response.
Incident Response Support:
- Collaborate with the incident response team to ensure rapid detection and containment of cyber threats.
- Provide technical expertise and guidance to develop detection use cases during high-severity security incidents.
- Continuously improve detection and response processes based on lessons learned from incidents.
- Other duties may be assigned as needed to address new security threats facing the enterprise.
- Provide off-hours support as needed for security administration, detection, and response activities.
Threat Intelligence Integration:
- Leverage threat intelligence to enhance detection capabilities and proactively mitigate risks.
- Identify and analyze new and emerging threat vectors and incorporate them into detection strategies.
Stakeholder Collaboration:
- Partner with other Cybersecurity, Engineering, and Product teams to align detection strategies with organizational objectives.
- Communicate detection capabilities and findings to technical and non-technical stakeholders, including executive leadership.
Governance and Compliance:
- Ensure all detection processes and tools adhere to regulatory requirements and industry standards (e.g., GDPR, PCI-DSS, NIST).
- Establish and maintain documentation of detection strategies, processes, and configurations.
Skills
Detection Engineering
Ability to:
- Work with internal Cybersecurity teams and external MSSPs on the creation and operationalization of Detection Engineering use cases for WAF, DDoS protection, email systems, DLP, AV, and endpoint security technologies.
- Develop security event correlation in SIEM technologies.
- Apply security Threat Intelligence to identify new threat vectors.
- Lead projects to improve security monitoring and response capabilities.
- Demonstrate a strong security engineering and architecture background to best understand how to employ the most effective and efficient security monitoring.
- Demonstrate effective communication of security issues to management and others.
- Maintain detection use case and SIEM configuration guidelines and standards for security.
Who You Are
Qualifications
- Bachelor's degree in Computer Science and 6 years of industry-related professional experience and education.
- Multi-cloud security experience (AWS/Azure/GCP)
- Expert-level knowledge of Detection Engineering and Security Operations/Incident Response tools and processes
- Strong hands-on experience with SIEM/SOAR/data lake solutions (Splunk, Snowflake, S3)
- Expertise with query languages (SQL, SPL, BigQuery)
- Expert-level knowledge of the attack kill chain and the Diamond Model.
- Working experience with industry-standard security technologies and services such as Threat Intelligence, Firewalls, SASE, IPS, Endpoint Security, DLP, SIEM/SOAR, and Data Management.
- Experience with coding languages used to build and automate (e.g., Python, Go)
Desirable
- GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certification(s)
- DevOps / Engineering / Network / System Administration experience