We're seeking a Senior Detection Engineer to lead the next evolution of AI-augmented threat detection.
This role goes beyond traditional detection engineering : you'll help improve and build our Detection Engineering Agent, responsible for continuously grading and improving detection coverage based on a customer's available telemetry, configuration, and behavioral baselines.
You'll work across multi-cloud, hybrid, and data-lake environments to design modular detections that don't depend on centralized data storage, but instead leverage federated queries, metadata scoring, and AI-based prioritization.
The ideal candidate combines deep hands-on SIEM expertise with a product mindset : able to design scalable detection pipelines, integrate AI feedback, and quantify detection efficacy at enterprise scale.
Key Responsibilities
- Design and maintain modular, high-fidelity detections using Sigma, KQL, SPL, Lucene, and other rule/query languages for Sentinel, Splunk, Chronicle, Elastic, and data-lake environments (Snowflake, BigQuery, Databricks).
- Build and evolve Detection Engineering Agent, enabling real-time tracking, grading, and ranking of a customer's environment based on data coverage, signal quality, and rule performance.
- Develop detections that operate without centralized storage, leveraging federated queries, streaming analytics, and metadata summarization instead of raw data ingestion.
- Quantify coverage gaps across identity, endpoint, cloud, network, and SaaS telemetry; collaborate cross-functionally to enhance observability and threat visibility.
- Integrate AI and ML models for automated rule tuning, false positive reduction, and behavioral correlation.
- Implement feedback-driven rule lifecycle management, including performance tracking (TP/FP/FN), version control, and graceful rule deprecation or promotion.
- Collaborate with SOC, data science, and platform teams to continuously improve detection quality and automate enrichment or response actions via SOAR platforms.
Manage detection-as-code pipelines, ensuring CI/CD integration, modular content reuse, and full traceability of changes.
Required Skills
- 5+ years of experience in detection engineering, threat hunting, and SOC operations.
- Expertise in at least two major SIEMs (Sentinel, Google SecOps / Chronicle, Splunk) and data-lake query environments (Snowflake/ Databricks).
- Strong command of Sigma, KQL, SPL, or Lucene, with the ability to abstract detection logic into environment-agnostic templates.
- Experience with federated detection queries and data modeling for environments without long-term log storage.
- Familiarity with AI/ML-driven prioritization for detection scoring, clustering, or environment-based tuning.
- Ability to handle diverse telemetry: cloud (AWS/Azure/GCP), IAM, EDR, firewall, Windows event logs, network, and SaaS platforms.
- Experience in GitOps/detection-as-code workflows with version control, testing, and deployment pipelines.
- Excellent communication and documentation skills with a focus on translating technical detections into product-ready content.
Nice to Have
- Experience building or contributing to detection optimization or coverage grading frameworks.
- Scripting in Python or PowerShell for automation, enrichment, and testing.
- Familiarity with SOAR integration, purple teaming frameworks, and automated response orchestration.
- Background in AI/ML model feedback integration for detection scoring or prioritization.
Connect to me at [Confidential Information] for more details.
