Lead Detection Engineer

About the job Lead Detection Engineer

  • Assist in creating, tuning, and maintaining detection rules across EDR and MDR platforms.
  • Monitor and validate alerts to ensure efficacy and minimize false positives.
  • Support senior engineers in the development of detection strategies and threat coverage.
  • Build and modify detection rules for EDR tools (SentinelOne, etc.).
  • Analyze endpoint telemetry and alerts to identify gaps in coverage or high-fidelity detection opportunities.
  • Assist in triage of detection hits to understand alert quality and identify tuning needs.
  • Collaborate with senior detection engineers and threat intelligence teams to understand adversary behaviors and translate them into detection logic.
  • Conduct retrospective testing of new detections against historical data.
  • Document rule logic, associated TTPs, and use case rationale.
  • Participate in content validation exercises using benign or simulated malicious activity.
  • Stay current with emerging threats, tools, and attacker techniques.
  • Support operational tuning and the reduction of alert fatigue through logic refinement.
  • Contribute to knowledge sharing and internal documentation.

Skills & Ability

  • Bachelor's degree in Cybersecurity, Computer Science, or a related field preferred (or equivalent hands-on experience).
  • 0-2 years in a detection engineering, threat hunting, or SOC engineering role.
  • Previous experience in an MSSP or large enterprise SOC environment highly preferred.