17 hours ago

Senior Detection and Response Engineer

Work format
remote (Global)
Employment type
fulltime
Grade
senior
English
b2


Job description

Senior Detection and Response Engineer.

Location:
Remote.
Salary: Competitive.
Employer: AlphaSense.

Responsibilities:
• Design, implement, and maintain advanced detection rules and correlation logic across SIEM, EDR, and Cloud platforms (AWS, GCP);
• Lead detection strategy and architecture aligned with the Detection Quality frameworks;
• Write high-fidelity detection rules using languages like SIGMA and YARA-L;
• Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage;
• Conduct detection gap analysis to identify coverage opportunities across the kill chain;
• Create and maintain detection playbooks, runbooks, and comprehensive documentation;
• Perform detection quality assessments and continuous improvement initiatives;
• Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools;
• Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms);
• Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics;
• Develop automated containment actions (account disable, host isolation, firewall rule updates);
• Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency;
• Handle Incident Response processes and procedures as needed;
• Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning;
• Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms;
• Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity;
• Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor;
• Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns.

Requirements:
• 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL).
• Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework.
• Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development.
• Proven experience designing and implementing SOAR platform architecture from concept to production.
• Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration.
• Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs.
• Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor.
• Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS.
• Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices.
• Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences.

#Remote #InfoSec


The vacancy text is reproduced without changes.
