Reporting to the Manager, Detection Engineering, the Senior Detection Engineer will serve as a subject matter expert in cybersecurity detections. This individual will participate in cybersecurity detection strategy, creation, tuning, validation, and correlation to ensure that Deepwatch customers have effective detections in place against an ever-changing threat landscape. Deepwatch Senior Detection Engineers perform a wide array of tasks to increase alert fidelity, reduce false positives, and better inform the MDR Security Analysts within their squad.

Senior Detection Engineers have a direct impact on customer security posture over time by increasing the operational efficiency and effectiveness of MDR Security Analysts and by aligning efforts with customer security priorities.

In this role, you’ll get to:

  • Develop and document new Detection Capabilities for customer environments
  • Work with customers to develop a comprehensive strategy for effective detections
    • Leverage industry frameworks, such as the MITRE ATT&CK framework, to build a customer-facing alert improvement roadmap
    • Apply knowledge of common log sources (Azure logging, command-line logging, etc.) to advise customers on logging capabilities that expand the applicable detection library
    • Confidently prioritize log sources for ingestion and enablement
  • Evaluate current monitoring and detection capabilities to identify areas for improvement
    • Conduct Detection Gap Analyses
  • Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
    • Detection Enablement
    • Detection Effectiveness (Tuning, Validation, etc.)
    • Detection Creation
  • Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
  • Ensure ingested log sources conform to Common Information Model (CIM) standards
  • Participate in training and mentoring of new hires

To be successful in this role, you’ll need:

  • Experience working and querying SIEM tools or other log-based data
  • Experience engineering event detection and tuning detection and response logic
  • Ability to engineer creative, scalable, and out-of-the-box solutions
  • Up to date with engineering best practices, security technology trends, tools, and frameworks
  • Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
  • Able to both investigate with and create security rules in at least one SIEM
  • Understanding of general enterprise network architecture and security incident response
  • Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
  • Understanding of attack frameworks such as MITRE ATT&CK and the Cyber Kill Chain, of general adversarial and defensive security techniques, and of security frameworks such as NIST
  • Ability to communicate and document technical information effectively for various audiences
  • Ability to mentor other detection engineers

ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

  • A citizen of the U.S.;
  • A lawful permanent resident of the United States;
  • A person admitted to the United States as a refugee; or
  • A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.

Statutory Pay Disclosure:

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $125,000 to $180,000 + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.
