Datavant2

Detection Engineer

Engineering · Full-time · Remote - United States

Salary: Not listed
Work type: Remote
Job type: Full-time
Industry: Healthcare

About the role

What We're Looking For

We are seeking a highly skilled Detection Engineer to join our Detection Engineering team. This role is responsible for designing, building, and continuously improving detection capabilities across our security stack. You will play a critical role in identifying threats, reducing risk, and enabling rapid response through high-fidelity detections and strong collaboration with Security Operations and Incident Response teams.

What You Will Do

  • Design, develop, and maintain detection logic across endpoint, network, and cloud environments
  • Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP solutions
  • Leverage Cyberhaven to build and enhance data exfiltration and insider risk detections
  • Analyze logs and telemetry to identify attack patterns, anomalies, and emerging threats
  • Continuously improve detection quality by reducing false positives and increasing signal fidelity
  • Partner with Incident Response and Security Operations to investigate alerts and refine detection strategies
  • Develop and document detection use cases, playbooks, and workflows
  • Stay current with adversary tactics, techniques, and procedures (TTPs) and translate them into actionable detections
  • Contribute to detection automation and engineering initiatives to improve scalability and efficiency

What You Need to Succeed

  • Strong experience with Data Loss Prevention (DLP) tools and workflows, such as Cyberhaven and Microsoft Purview
  • Experience with CrowdStrike and Zscaler (or comparable EDR and network security platforms)
  • Deep understanding of Windows event logs and other investigation-relevant artifacts
  • Experience working with SIEM platforms, log management systems, and endpoint security tools
  • Strong analytical and critical thinking skills with exceptional attention to detail
  • Ability to investigate complex security events and translate findings into detection improvements
  • Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts
  • Strong interpersonal skills and the ability to collaborate effectively across security, IT, and engineering teams
  • Self-driven with a continuous improvement mindset

What Helps You Stand Out

  • Experience building detections mapped to frameworks such as MITRE ATT&CK
  • Familiarity with scripting or query languages (e.g., Python, KQL, SPL, SQL)
  • Experience with insider threat or data exfiltration detection strategies
  • Background in threat hunting or incident response