Security Engineer, Detection and Response

Hands-on Detection Engineer to design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments; build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety; develop tooling and automation to accelerate triage, enrichment, investigation, and detection authoring (including LLM-based workflows); translate threat intelligence and adversary TTPs into durable detections and telemetry requirements; participate in investigations, incident response, and postmortems; define and track metrics (coverage, MTTD, alert quality) to guide investments; participate in a shared on-call rotation for incident response; requires 6+ years of experience in detection/security operations/incident response; proficient with Sigma, KQL, SPL, YARA-L, EQL, Panther; strong cloud security in AWS/GCP/Azure; hands-on with SIEM, EDR, SOAR; capable of working independently and communicating via design docs and runbooks.