Sr Detection Engineer

The Sr Detection Engineer leads the activities that enhance the organization's security posture by developing, implementing, and maintaining robust security monitoring and detection capabilities. This role requires in-depth expertise in threat identification and analysis with a focus on identifying and investigating sophisticated threats. The Sr Detection Engineer will lead the development and implementation of advanced detection techniques, mentor junior engineers, and drive continuous improvement in the security monitoring program. They will actively contribute to the improvement of security processes and procedures, collaborate effectively with other security teams, and communicate security findings to both technical and non-technical audiences. This role requires a strong understanding of the evolving threat landscape and the ability to stay abreast of cutting-edge security research and technologies. Responsibilities: Lead the design, development, and implementation of advanced security monitoring and detection capabilities. Mentor and guide junior Detection Engineers. Analyze security logs from various sources, including firewalls, intrusion detection systems (IDS/IPS), endpoint detection and response (EDR) systems, applications, and cloud provider platforms. Develop and maintain high-fidelity security monitoring rules and alerts using consistent and repeatable processes. Develop, optimize, and facilitate the use of repeatable templates, documentation requirements, and procedures. Develop, maintain, and improve an alert lifecycle, and periodically review alerts for relevancy, efficacy, and potential for improvement. Lead multi-team meetings to capture feedback, share information, refine alerts, and facilitate a collaborative working environment. Be knowledgeable and share information about detection engineering best practices for skills, technology, and processes. Investigate threat intelligence and security incident data to create and refine detection logic. Stay on top of industry news and investigate and prioritize detections as part of a threat-informed defense. Stay current on emerging threats, vulnerabilities, and attack techniques. Participate in security incident response activities as needed. Collaborate effectively with other security teams, including incident response, threat intelligence, vulnerability management, and application security. Develop relationships to cultivate internal and external intelligence and emulate threat activity to support detection creation and test detection efficacy. Analyze and prioritize detection coverage relative to existing industry standard frameworks (e.g., MITRE ATT&CK). Enhance team capabilities through ongoing research, automation (scripting, etc.), and the development of new tools and methodologies to improve threat detection and incident response capabilities. Develop and lead special projects, such as evaluating new security tools and technologies, developing proof-of-concept solutions, and building tools/capabilities to solve specific security challenges.