Security Engineer (Detection Engineering)
Saronic
Job Description
Requirements

We're seeking a Security Engineer on our Security Operations team with strong detection engineering experience.

- 3+ years of hands-on experience in detection engineering, security operations, security automation, or a closely related security engineering role
- Demonstrated experience designing, testing, and tuning detection rules and analytic queries across production security telemetry (endpoint, cloud, network, identity, or DLP)
- Hands-on experience with SIEM platforms and proficiency with query languages such as SPL, KQL, or equivalent
- Experience building and operating security data pipelines, including log ingestion, normalization, enrichment, and data quality management
- Understanding of data engineering concepts including ETL pipelines, data modeling, schema design, and indexing as applied to security telemetry
- Hands-on coding experience in Python, PowerShell, Go, or Rust for security automation, detection tooling, or pipeline development, and familiarity with Terraform for managing detection and logging infrastructure as code
- Understanding of the MITRE ATT&CK framework and its application to detection coverage and gap analysis
- Ability to obtain and maintain a security clearance
- (Desirable) Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
- (Desirable) Experience with EDR platforms, including custom detection rule creation and telemetry analysis
- (Desirable) Experience with cloud-native detection in AWS and Microsoft 365/Azure
- (Desirable) Experience using Terraform to deploy and manage security monitoring infrastructure, log pipeline components, or cloud-native security service configurations
- (Desirable) Hands-on experience with incident response, threat hunting, or adversary emulation
- (Desirable) Exposure to embedded Linux, operational technology, or ICS telemetry and detection
- (Desirable) Familiarity with NIST SP 800-171, NIST SP 800-53, or CMMC and their logging and monitoring requirements
- (Desirable) Relevant certifications such as GCIH, GCIA, GCDA, GSOM, OSDA, or OSCP

What the job involves

You'll design and develop high-fidelity detection content, build and operate the data pipelines that power our security operations, develop automation playbooks that accelerate response, and work across a uniquely diverse telemetry landscape spanning cloud infrastructure, embedded vessel platforms, corporate systems, and operational technology.

This role is heavily weighted toward detection engineering. You should think in terms of adversary behavior and telemetry coverage, not just alert triage. You'll own detections end-to-end: from identifying gaps in coverage, through designing and testing detection logic, to tuning and validating in production.

- Design, build, test, and tune high-fidelity detection rules and analytic queries across endpoint, cloud, network, identity, and DLP telemetry sources
- Develop and maintain detection content using detection-as-code practices, including version-controlled logic, automated testing, and CI/CD deployment
- Map detection coverage to MITRE ATT&CK, identify gaps, and prioritize new detection development based on threat intelligence and business risk
- Engineer correlation rules, behavioral analytics, and anomaly-based detections that minimize false positives while surfacing real adversary tradecraft
- Own the detection lifecycle from initial development through production tuning, performance monitoring, and retirement
- Build and operate pipelines to ingest, normalize, enrich, and manage security telemetry at scale across diverse data sources, using Terraform and infrastructure-as-code practices to deploy and maintain logging and detection infrastructure
- Design and maintain log collection, parsing, and enrichment configurations that ensure the right telemetry is available at the right fidelity for detection and investigation
- Evaluate and onboard new telemetry sources as Saronic's infrastructure and threat landscape evolve
- Monitor pipeline health, data quality, and ingestion reliability to ensure detections operate on complete and accurate data
- Develop and manage automated response playbooks in SOAR platforms to accelerate containment and reduce analyst toil
- Build automation that enriches alerts with contextual data, reducing investigation time and improving analyst decision-making
- Support incident response efforts and translate lessons learned into improved detections and playbooks
- Partner with SOC analysts, Cloud Security, Product Security, and IT teams to close visibility and detection gaps across environments
- Collaborate with threat intelligence to ensure detection engineering is informed by current adversary TTPs relevant to defense, maritime, and autonomous systems