Sr. Detection Engineer | Remote, USA

We are seeking a highly skilled and experienced Sr. Detection Engineer to play a pivotal role in advancing our threat detection capabilities. You will be instrumental in designing, developing, and implementing sophisticated detection logic to identify and respond to evolving cyber threats across our enterprise environment. This role demands a deep understanding of attacker methodologies, a passion for proactive security, and the ability to translate complex security concepts into effective, actionable detections. If you thrive on building robust defenses and hunting down the most elusive threats, this is the opportunity for you.

How you'll make an impact:

• Develop and Deploy Advanced Detections:
  
  
  • Design, implement, and maintain high-fidelity detection rules, analytics, and signatures for our Security Information and Event Management (SIEM) platform and other security technologies.
  • Leverage threat intelligence, kill chains, and attacker TTPs to craft proactive detection strategies.
  • Develop and implement detections using a "Detection-as-Code" approach, ensuring version control, testing, and automated deployment.
  • Utilize and optimize SIEM query languages (e.g., Splunk SPL, KQL, Elastic DSL) for effective log analysis and threat correlation.
  • Write and refine complex regular expressions for precise data parsing and pattern matching.
• Proactive Threat Hunting:
  
  
  • Conduct hypothesis-driven threat hunts to uncover advanced threats that may evade automated detection.
  • Analyze vast amounts of security telemetry from diverse sources (endpoints, networks, cloud environments, applications) to identify anomalous or malicious activity.
  • Utilize Open-Source Intelligence (OSINT) and threat intelligence feeds to inform threat hunting hypotheses and develop new detection logic.
• Security Tooling and Automation:

• Administer, tune, and optimize SIEM and EDR platforms, ensuring optimal performance and data quality.
• Automate manual security processes through scripting and integration with various tools and APIs.
• Evaluate, test, and integrate new security technologies and automation tools to enhance detection and response capabilities.

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
• 5+ years of experience in a dedicated detection engineering, threat hunting, or advanced SOC analysis role.
• Proven expertise in developing and deploying high-fidelity detections within SIEM environments.
• Strong proficiency in SIEM query languages (e.g., Splunk SPL, KQL, Elasticsearch DSL) and experience with SIEM administration and tuning.
• Demonstrated experience with log analysis from a wide range of sources (e.g., Windows, Linux, macOS, network devices, cloud services, applications).
• Proficiency in scripting languages such as Python, PowerShell, or Bash for automation and data manipulation.
• Solid understanding of security concepts and frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, NIST CSF).
• Experience with cloud security principles and detection strategies within cloud environments (AWS, Azure, GCP).
• Hands-on experience with endpoint security solutions (EDR, AV) and their detection capabilities.
• Knowledge of network security protocols, traffic analysis, and common network attack vectors.
• Familiarity with Git and code repository management for version control and collaboration.
• Experience with regular expressions for complex data parsing.
• Strong analytical and problem-solving skills with the ability to think critically and creatively.
• Excellent communication and collaboration skills, with the ability to effectively convey technical information to diverse audiences.
• Experience with "Detection-as-Code" principles and tools preferred.
• Demonstrated experience with proactive threat hunting preferred.
• Experience with Open-Source Intelligence (OSINT) and threat intelligence platforms preferred.
• Familiarity with DevSecOps principles preferred.
• Knowledge of incident response methodologies and digital forensics preferred.
• Experience with API integrations for automation and data enrichment preferred.
• Understanding of operating system security principles preferred.
• Relevant security certifications (e.g., GIAC GCTI, GCFA, GCIA, CISSP) preferred.

• High Impact Role: Make a tangible impact on protecting a large number of client organizations.
• Innovation & Challenge: Work on complex, challenging problems at the intersection of detection engineering and large-scale automation.
• Professional Growth: Continuous learning opportunities, access to advanced training, and a clear path for professional development in a rapidly evolving field.
• Collaborative Culture: Join a supportive, inclusive, and highly skilled team that values innovation, collaboration, and continuous improvement.

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)