Sr Security Engineer, Detection Engineering

Description

• Integrate and manage security controls across cloud and endpoint environments, ensuring alignment with organizational policies and regulatory requirements.
• Conduct investigations, and escalation of security incidents, collaborating with MDR partners and SOC analysts to ensure timely and effective response.
• Tune and optimize SIEM rules, alerts, dashboards, and reporting mechanisms for improved visibility and operational efficiency.
• Provide mentorship, guidance, and training to SOC analysts and junior team members, fostering a culture of continuous improvement and knowledge sharing.
• Maintain and foster productive communication channels with security solution partners, vendors, service providers, and consulting entities.
• Work closely with engineering, IT, business units, and MDR partners to align security operations with organizational goals and drive cross-functional initiatives.
• Maintain readiness for rapid response to critical security events, including participation in on-call rotations and after-hours escalations.
• Contribute to the development and enhancement of SOC processes, playbooks, and best practices.
• Conduct forensic investigations, root cause analysis, and collaborate with internal and external stakeholders to ensure effective resolution and documentation of incidents.
• Architect and implement automation workflows using SOAR platforms and native integrations to streamline incident response, alert triage, and remediation processes.
• Provide actionable insights and recommendations to leadership based on analysis of SOC data and security operations outcomes.
• Participate in the full incident response lifecycle, including detection, containment, eradication, recovery, and post-incident analysis for complex security events.
• Develop and maintain SOC metrics, dashboards, and executive-level reporting on incident trends, detection effectiveness, automation outcomes, and overall SOC performance.
• Develop playbooks and automated response actions to accelerate containment and recovery during security incidents.
• Monitor and analyze security events in real-time across diverse environments (cloud, on-premises, hybrid) using SIEM, XDR, and log management platforms.
• Integrate threat intelligence feeds and behavioral analytics to improve detection capabilities and proactively identify emerging threats.
• Design, develop, and continuously optimize detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR) to enhance threat detection and minimize false positives.
• Stay current with industry trends, emerging threats, and new technologies to ensure the SOC remains effective and resilient.

Requirements

• Demonstrate hands-on experience with Microsoft security technologies (Sentinel, Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
• Ability to facilitate productive meetings and work successfully in a team-oriented environment.
• 3+ years of experience with automation engineering, designing and implementing automated workflows for incident response and alert triage using SOAR platforms or native integrations.
• Experience integrating and operationalizing threat intelligence feeds, behavioral analytics, and data sources to enhance detection and response capabilities.
• 5+ years of experience with detection engineering, including developing and tuning detection rules, analytics, and use cases for SIEM and XDR platforms.
• Deep understanding of incident response methodologies, forensic investigation, malware analysis, and root cause analysis for complex security events.
• 5+ years of relevant work experience in security operations, with a focus on SOC environments, incident detection/response, and threat hunting.
• Advanced skills in automation engineering, with hands-on experience designing and implementing automated workflows for incident response, alert triage, and remediation using SOAR platforms and native integrations.
• Strong knowledge of Microsoft security technologies, including Sentinel, Purview, Defender for Cloud, and Defender for Endpoint, as well as Palo Alto Cortex XDR for threat detection, investigation, and response.
• Familiarity with vulnerability management tools (e.g., Rapid7, Nessus, Qualys), and experience conducting network-based vulnerability assessments.
• Proficiency in cloud security, endpoint protection, network security principles, and current threat landscape, with the ability to secure hybrid and multi-cloud environments.
• Travel: Occasional travel (less than 25%) may be required to support incident response or business requirements.
• 5+ years of experience implementing and managing SIEM and XDR technologies in a mid to large-scale enterprise environment, including Microsoft Sentinel and Palo Alto Cortex XDR.
• Strong knowledge and experience with Microsoft Security Solutions, such as Microsoft Purview, Defender for Cloud, and Defender for Endpoint, and Palo Alto Cortex XDR.
• Skilled in developing and maintaining SOC metrics, dashboards, and executive-level reporting on incident trends, detection effectiveness, and automation outcomes.
• Certifications: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), CompTIA Cybersecurity Analyst+ (CySA+), Microsoft Security Operations Center Analyst (SC-200), AWS Certified Security-Specialty, or similar advanced security certifications preferred.
• Education: Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field. Master’s degree preferred.
• Expert-level proficiency in detection engineering, including the creation, tuning, and optimization of detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR).

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance