Detection Engineer
Tasks
- Collaborate with SOC and NOSC analysts to tune alerts
- Coordinate telemetry ingestion, normalization, and field mappings
- Create detection dashboards and alerting content
- Develop correlation rules, signatures, and behavioral analytics
- Develop detection logic for SIEM
- Document detection logic, metadata, versioned content, and change history
- Map detections to MITRE ATT&CK
- Review telemetry quality and coverage gaps
- Test detection rules in lab and datasets
- Translate threat intelligence into detection use cases
- Tune detections to reduce false positives
- Update runbooks for detection tuning and triage
- Validate detection operational readiness
Perks/Benefits
- N/A
Skills/Tech-stack
Analytic Queries | Automated testing | Behavioral analytics | Correlation rules | DCI | Data Ingestion | Data Normalization | Detection Performance Metrics | Detection and Response | Detection engineering | EDR | Endpoint Detection and Response | Endpoint detection | False Positive Tuning | Field mapping | IDS | IPS | KQL | MTTD | MITRE ATT&CK | OT | OT Telemetry | Performance Metrics | Precision | Recall | Runbooks | SIEM | SOAR | SOC Analytics | SPL | Security analytics | Sigma | Signatures | Telemetry Quality | Threat Intelligence | Vulnerability data
Education