Job Description
We’re seeking a Senior Detection Engineer to lead the next evolution of AI-augmented threat detection.This role goes beyond traditional detection engineering : you’ll help improve and build our Detection Engineering Agent, responsible for continuously grading and improving detection coverage based on a customer’s available telemetry, configuration, and behavioral baselines.You’ll work across multi-cloud, hybrid, and data-lake environments to design modular detections that don’t depend on centralized data storage, but instead leverage federated queries, metadata scoring, and AI-based prioritization.The ideal candidate combines deep hands-on SIEM expertise with a product mindset : able to design scalable detection pipelines, integrate AI feedback, and quantify detection efficacy at enterprise scale.Key Responsibilities- Design and maintain modular, high-fidelity detections using Sigma, KQL, SPL, Lucene, and other rule/query languages for Sentinel, Splunk, Chronicle, Elastic, and data-lake environments (Snowflake, BigQuery, Databricks).-- Build and evolve Detection Engineering Agent, enabling real-time tracking, grading, and ranking of a customer’s environment based on data coverage, signal quality, and rule performance.-- Develop detections that operate without centralized storage, leveraging federated queries, streaming analytics, and metadata summarization instead of raw data ingestion.-- Quantify coverage gaps across identity, endpoint, cloud, network, and SaaS telemetry; collaborate cross-functionally to enhance observability and threat visibility.-- Integrate AI and ML models for automated rule tuning, false positive reduction, and behavioral correlation.-- Implement feedback-driven rule lifecycle management, including performance tracking (TP/FP/FN), version control, and graceful rule deprecation or promotion.-- Collaborate with SOC, data science, and platform teams to continuously improve detection quality and automate enrichment or response actions via SOAR platforms.-Manage detection-as-code pipelines, ensuring CI/CD integration, modular content reuse, and full traceability of changes.Required Skills- 5+ years of experience in detection engineering, threat hunting, and SOC operations.-- Expertise in at least two major SIEMs (Sentinel, Google SecOps / Chronicle, Splunk) and data-lake query environments (Snowflake/ Databricks).-- Strong command of Sigma, KQL, SPL, or Lucene, with the ability to abstract detection logic into environment-agnostic templates.-- Experience with federated detection queries and data modeling for environments without long-term log storage.-- Familiarity with AI/ML-driven prioritization for detection scoring, clustering, or environment-based tuning.-- Ability to handle diverse telemetry: cloud (AWS/Azure/GCP), IAM, EDR, firewall, Windows event logs, network, and SaaS platforms.-- Experience in GitOps/detection-as-code workflows with version control, testing, and deployment pipelines.-- Excellent communication and documentation skills with a focus on translating technical detections into product-ready content.Nice to Have- Experience building or contributing to detection optimization or coverage grading frameworks.-- Scripting in Python or PowerShell for automation, enrichment, and testing.-- Familiarity with SOAR integration, purple teaming frameworks, and automated response orchestration.-- Background in AI/ML model feedback integration for detection scoring or prioritization.Connect to me at for more details.