Senior Detection Engineer

Category: Lead Software Engineer
Requisition #: CREQ236717

Primary Objectives
Assist in creating, tuning, and maintaining detection rules across EDR and MDR platforms.
Monitor and validate alerts to ensure efficacy and minimize false positives.
Support senior engineers in the development of detection strategies and threat coverage.

Key Responsibilities & Accountabilities

Build and modify detection rules for EDR tools (SentinelOne, etc.).
Analyze endpoint telemetry and alerts to identify gaps in coverage or high-fidelity detection opportunities.
Assist in triage of detection hits to understand alert quality and identify tuning needs.
Collaborate with senior detection engineers and threat intelligence teams to understand adversary behaviors and translate them into detection logic.
Conduct retrospective testing of new detections against historical data.
Document rule logic, associated TTPs, and use case rationale.
Participate in content validation exercises using benign or simulated malicious activity.
Stay current with emerging threats, tools, and attacker techniques.
Support operational tuning and the reduction of alert fatigue through logic refinement.
Contribute to knowledge sharing and internal documentation.

Skills & Ability

Bachelor's degree in Cybersecurity, Computer Science, or a related field preferred (or equivalent hands-on experience).
0-2 years in a detection engineering, threat hunting, or SOC engineering role.
Previous experience in an MSSP or large enterprise SOC environment highly preferred.