Lead Software Engineer
Requisition #: CREQ259774

You will develop, tune, and improve Solis Security's detection capabilities while supporting the long-term detection strategy. You will create high-fidelity detections across XDR, SIEM, cloud, endpoint, and identity platforms, working with the SOC, Incident Response, and Threat Research teams.
Implement a layered detection framework using endpoint, network, identity, and cloud telemetry.
Expand detection frameworks and coverage for evolving threats.
Build behavioral detections aligned to MITRE ATT&CK, ATLAS, and related frameworks.
Develop detection-as-code content with version control, testing, and CI/CD deployment.
Prioritize the detection backlog using risk-based analysis to maximize risk reduction.
Tune detections to reduce false positives and improve fidelity.
Continuously monitor and translate emerging attacker TTPs into actionable detection logic.
Conduct coverage gap analyses and develop detections to address risks.
Collaborate with the SOC, IR, and Platform Engineering teams on telemetry and detection quality.
Maintain dashboards and metrics, including coverage, MTTD, and false-positive rates.
Own the full detection lifecycle from threat intelligence through deployment and optimization, building scalable detection frameworks and high-confidence alerts.
Experience
7+ years in detection engineering, threat research, SOC engineering, or incident response.
Experience with XDR/SIEM platforms.
Strong understanding of attacker TTPs.
Experience creating detections using KQL, Sigma, SPL, or similar languages.
Scripting skills in Python, PowerShell, or equivalent.
Ability to analyze large datasets and validate detection hypotheses.
Strong communication and collaboration skills.
Preferred Qualifications
Experience with data fusion and multi-source correlation.
Detection-as-code experience using Git, CI/CD, and automated testing.
Experience developing cloud detections across AWS, Azure, or GCP.
Familiarity with SOAR platforms and automated response workflows.
Threat hunting experience using structured methodologies.
GCIH, GCFA, GCIA, Offensive Security, or similar certifications.
Contributions to Sigma, YARA, or other open-source detection content.
