Nerdy · posted 8 months ago

Security Engineer - Detection & Response

$130,000–$200,000 / year

Remote · Phoenix, Arizona, United States or United States

Type: Full Time
Level: Senior Level
Education: Not Specified
Company size: Unknown

Job Summary

Nerdy, a cloud-first SaaS company, is hiring a Security Engineer to focus on threat detection and response. The role is platform-engineering driven, using Python and AI to build scalable systems for detecting threats and automating responses. It requires 5+ years of experience in security engineering and familiarity with MITRE frameworks such as ATT&CK.

Required Qualifications

  • 5+ years in security engineering, detection engineering, or threat-focused automation roles.
  • Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns.
  • Familiarity with MITRE D3FEND for defense-in-depth and response playbook design.
  • Hands-on experience designing, deploying, or managing SIEM platforms (vendor-neutral mindset preferred).
  • Strong Python scripting skills for integrations, enrichment logic, and playbook development.
  • Experience working with structured data formats such as JSON, YAML, logs, and metrics.
  • Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS.
  • Understanding of event-driven architecture and API-driven integrations.
  • Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy.
  • Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes.

Desired Qualifications

  • Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms.
  • Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD.
  • Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries.
  • Experience with MITRE frameworks: ATT&CK (adversary techniques), D3FEND (defensive techniques), and ATLAS (AI-related attacks).
  • Experience with OWASP guidance on application telemetry and detection (e.g., AppSensor, Logging Cheat Sheet).