Sr. Detection Engineer | Remote, USA
We are seeking a highly skilled and experienced Sr. Detection Engineer to play a pivotal role in advancing our threat detection capabilities. You will be instrumental in designing, developing, and implementing sophisticated detection logic to identify and respond to evolving cyber threats across our enterprise environment. This role demands a deep understanding of attacker methodologies, a passion for proactive security, and the ability to translate complex security concepts into effective, actionable detections. If you thrive on building robust defenses and hunting down the most elusive threats, this is the opportunity for you.
How you'll make an impact:
Develop and Deploy Advanced Detections:
Design, implement, and maintain high-fidelity detection rules, analytics, and signatures for our Security Information and Event Management (SIEM) platform and other security technologies.
Leverage threat intelligence, kill chains, and attacker TTPs to craft proactive detection strategies.
Develop and implement detections using a 'Detection-as-Code' approach, ensuring version control, testing, and automated deployment.
Utilize and optimize SIEM query languages (e.g., Splunk SPL, KQL, Elastic DSL) for effective log analysis and threat correlation.
Write and refine complex regular expressions for precise data parsing and pattern matching.
Proactive Threat Hunting:
Conduct hypothesis-driven threat hunts to uncover advanced threats that may evade automated detection.
Analyze vast amounts of security telemetry from diverse sources (endpoints, networks, cloud environments, applications) to identify anomalous or malicious activity.
Utilize Open-Source Intelligence (OSINT) and threat intelligence feeds to inform threat hunting hypotheses and develop new detection logic.
Security Tooling and Automation:
Administer, tune, and optimize SIEM and EDR platforms, ensuring optimal performance and data quality.
Automate manual security processes through scripting and integration with various tools and APIs.
Evaluate, test, and integrate new security technologies and automation tools to enhance detection and response capabilities.
Incident Support and Mentorship:
Provide expert-level support during security incidents, assisting with investigation, analysis, and containment.
Contribute to the development and refinement of incident response playbooks and workflows.
Mentor and guide junior SOC analysts and detection engineers, sharing knowledge and best practices.
Collaboration and Communication:
Collaborate effectively with cross-functional teams, including SOC analysts, incident responders, threat intelligence analysts, and IT operations.
Clearly and concisely communicate technical findings, detection logic, and risk assessments to both technical and non-technical stakeholders.
Contribute to the continuous improvement of the SOC's detection and response processes.
Knowledge Management and Research:
Stay abreast of the latest cybersecurity threats, vulnerabilities, attack vectors, and defensive technologies.
Research and implement new detection techniques and methodologies.
Document detection logic, processes, and findings for knowledge sharing and operational efficiency.
What we're looking for:
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
5+ years of experience in a dedicated detection engineering, threat hunting, or advanced SOC analysis role.
Proven expertise in developing and deploying high-fidelity detections within SIEM environments.
Strong proficiency in SIEM query languages (e.g., Splunk SPL, KQL, Elasticsearch DSL) and experience with SIEM administration and tuning.
Demonstrated experience with log analysis from a wide range of sources (e.g., Windows, Linux, macOS, network devices, cloud services, applications).
Proficiency in scripting languages such as Python, PowerShell, or Bash for automation and data manipulation.
Solid understanding of security concepts and frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, NIST CSF).
Experience with cloud security principles and detection strategies within cloud environments (AWS, Azure, GCP).
Hands-on experience with endpoint security solutions (EDR, AV) and their detection capabilities.
Knowledge of network security protocols, traffic analysis, and common network attack vectors.
Familiarity with Git and code repository management for version control and collaboration.
Experience with regular expressions for complex data parsing.
Strong analytical and problem-solving skills with the ability to think critically and creatively.
Excellent communication and collaboration skills, with the ability to effectively convey technical information to diverse audiences.
Experience with 'Detection-as-Code' principles and tools preferred.
Demonstrated experience with proactive threat hunting preferred.
Experience with Open-Source Intelligence (OSINT) and threat intelligence platforms preferred.
Familiarity with DevSecOps principles preferred.
Knowledge of incident response methodologies and digital forensics preferred.
Experience with API integrations for automation and data enrichment preferred.
Understanding of operating system security principles preferred.
Relevant security certifications (e.g., GIAC GCTI, GCFA, GCIA, CISSP) preferred.
Why Join Optiv Detection Engineering?
High Impact Role: Make a tangible impact on protecting a large number of client organizations.
Innovation & Challenge: Work on complex, challenging problems at the intersection of detection engineering and large-scale automation.
Professional Growth: Continuous learning opportunities, access to advanced training, and a clear path for professional development in a rapidly evolving field.
Collaborative Culture: Join a supportive, inclusive, and highly skilled team that values innovation, collaboration, and continuous improvement.
What you can expect from Optiv
- A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
- Work/life balance
- Professional training resources
- Creative problem-solving and the ability to tackle unique, complex projects
- Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
Sr. Detection Engineer | Remote, USA
We are seeking a highly skilled and experienced Sr. Detection Engineer to play a pivotal role in advancing our threat detection capabilities. You will be instrumental in designing, developing, and implementing sophisticated detection logic to identify and respond to evolving cyber threats across our enterprise environment. This role demands a deep understanding of attacker methodologies, a passion for proactive security, and the ability to translate complex security concepts into effective, actionable detections. If you thrive on building robust defenses and hunting down the most elusive threats, this is the opportunity for you.
How you'll make an impact:
Develop and Deploy Advanced Detections:
Design, implement, and maintain high-fidelity detection rules, analytics, and signatures for our Security Information and Event Management (SIEM) platform and other security technologies.
Leverage threat intelligence, kill chains, and attacker TTPs to craft proactive detection strategies.
Develop and implement detections using a 'Detection-as-Code' approach, ensuring version control, testing, and automated deployment.
Utilize and optimize SIEM query languages (e.g., Splunk SPL, KQL, Elastic DSL) for effective log analysis and threat correlation.
Write and refine complex regular expressions for precise data parsing and pattern matching.
Proactive Threat Hunting:
Conduct hypothesis-driven threat hunts to uncover advanced threats that may evade automated detection.
Analyze vast amounts of security telemetry from diverse sources (endpoints, networks, cloud environments, applications) to identify anomalous or malicious activity.
Utilize Open-Source Intelligence (OSINT) and threat intelligence feeds to inform threat hunting hypotheses and develop new detection logic.
Security Tooling and Automation:
Administer, tune, and optimize SIEM and EDR platforms, ensuring optimal performance and data quality.
Automate manual security processes through scripting and integration with various tools and APIs.
Evaluate, test, and integrate new security technologies and automation tools to enhance detection and response capabilities.
Incident Support and Mentorship:
Provide expert-level support during security incidents, assisting with investigation, analysis, and containment.
Contribute to the development and refinement of incident response playbooks and workflows.
Mentor and guide junior SOC analysts and detection engineers, sharing knowledge and best practices.
Collaboration and Communication:
Collaborate effectively with cross-functional teams, including SOC analysts, incident responders, threat intelligence analysts, and IT operations.
Clearly and concisely communicate technical findings, detection logic, and risk assessments to both technical and non-technical stakeholders.
Contribute to the continuous improvement of the SOC's detection and response processes.
Knowledge Management and Research:
Stay abreast of the latest cybersecurity threats, vulnerabilities, attack vectors, and defensive technologies.
Research and implement new detection techniques and methodologies.
Document detection logic, processes, and findings for knowledge sharing and operational efficiency.
What we're looking for:
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
5+ years of experience in a dedicated detection engineering, threat hunting, or advanced SOC analysis role.
Proven expertise in developing and deploying high-fidelity detections within SIEM environments.
Strong proficiency in SIEM query languages (e.g., Splunk SPL, KQL, Elasticsearch DSL) and experience with SIEM administration and tuning.
Demonstrated experience with log analysis from a wide range of sources (e.g., Windows, Linux, macOS, network devices, cloud services, applications).
Proficiency in scripting languages such as Python, PowerShell, or Bash for automation and data manipulation.
Solid understanding of security concepts and frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, NIST CSF).
Experience with cloud security principles and detection strategies within cloud environments (AWS, Azure, GCP).
Hands-on experience with endpoint security solutions (EDR, AV) and their detection capabilities.
Knowledge of network security protocols, traffic analysis, and common network attack vectors.
Familiarity with Git and code repository management for version control and collaboration.
Experience with regular expressions for complex data parsing.
Strong analytical and problem-solving skills with the ability to think critically and creatively.
Excellent communication and collaboration skills, with the ability to effectively convey technical information to diverse audiences.
Experience with 'Detection-as-Code' principles and tools preferred.
Demonstrated experience with proactive threat hunting preferred.
Experience with Open-Source Intelligence (OSINT) and threat intelligence platforms preferred.
Familiarity with DevSecOps principles preferred.
Knowledge of incident response methodologies and digital forensics preferred.
Experience with API integrations for automation and data enrichment preferred.
Understanding of operating system security principles preferred.
Relevant security certifications (e.g., GIAC GCTI, GCFA, GCIA, CISSP) preferred.
Why Join Optiv Detection Engineering?
High Impact Role: Make a tangible impact on protecting a large number of client organizations.
Innovation & Challenge: Work on complex, challenging problems at the intersection of detection engineering and large-scale automation.
Professional Growth: Continuous learning opportunities, access to advanced training, and a clear path for professional development in a rapidly evolving field.
Collaborative Culture: Join a supportive, inclusive, and highly skilled team that values innovation, collaboration, and continuous improvement.
What you can expect from Optiv
- A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
- Work/life balance
- Professional training resources
- Creative problem-solving and the ability to tackle unique, complex projects
- Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.