Security Monitoring Detection Engineer (Cybersecurity)

TL;DR

Security Monitoring Detection Engineer (Cybersecurity): Developing and optimizing security detection rules using "Detection as Code" principles with an accent on threat mapping and log analysis. Focus on reducing alert noise, bridging coverage gaps via MITRE ATT&CK, and implementing CI/CD for security rules.

Location: 100% Remote (Contextual markers such as 401k and Mid-Atlantic regional awards indicate US-based eligibility)

Company

A veteran-owned small business specializing in high-tier technical services and recognized as one of the fastest-growing companies in America.

What you will do

• Implement "Detection as Code" (DaC) by applying software engineering principles like version control and CI/CD to security rules.
• Map detection strategies against the MITRE ATT&CK framework to identify and fill coverage gaps.
• Analyze telemetry from cloud, network, endpoint, and identity systems to detect anomalous patterns.
• Continuously tune and optimize rules to minimize noise and ensure alerts are actionable.
• Manage the full detection lifecycle, including design, development, testing, deployment, and maintenance.

Requirements

• Strong proficiency in Python scripting, SQL, and regex.
• Experience with SIEM platforms such as Splunk or Microsoft Sentinel.
• Deep understanding of attacker Tactics, Techniques, and Procedures (TTPs).
• Ability to parse and analyze large-scale log data for anomalies.
• Previous experience in SOC analysis, incident response, or threat hunting.

Culture & Benefits

• 100% company-covered medical premiums and best-in-class medical coverage.
• 401k program with a 100% company match on the first 4%.
• 3 weeks of PTO and 11 paid holidays annually.
• Monthly reimbursement for cell phone and home internet costs.
• Company-wide new business incentive programs and contribution incentives for white papers or blogs.
• Investment in professional training and certifications.