About this role
Hands-on detection engineering role designing and operationalizing enterprise threat detections across endpoint, identity, network, and cloud using SIEM/XDR platforms.
Key Responsibilities
- Operationalize security alerting
- Develop new detection capabilities
- Validate detections
- Identify telemetry gaps
- Remediate log data quality
Technical Overview
Develop detections across telemetry sources using Splunk SPL and KQL; apply MITRE ATT&CK; automate with Python/PowerShell; validate with emulation and attack scenarios; improve log quality and coverage.
Ideal Candidate
The ideal candidate is a mid-to-senior level detection engineer with 3+ years building and operationalizing detections across endpoint, identity, network, and cloud; proficient in Splunk SPL, KQL, and MITRE ATT&CK; strong automation skills.
Must-Have Skills
- 3+ years of detection engineering, incident response, threat hunting, or security operations in large enterprise environments
- Practical experience with Endpoint, Identity, Network, Cloud & SaaS technologies and their logging
- Proven experience developing detection content across telemetry sources
- Strong proficiency with at least one SIEM/XDR ecosystem and advanced query authoring (Splunk SPL, Microsoft KQL, SQL strongly preferred)
- Understanding of adversary tradecraft using MITRE ATT&CK
- Ability to reason about attacker behaviors and detection trade-offs
- Experience with Python and PowerShell for automation
- Strong communication skills with technical and non-technical stakeholders
Nice-to-Have Skills
- GIAC GDAT, GCDA, GCTD, GCTI, GMON, GCIH, GCFA, GCPY
- Splunk Power User
- Microsoft SC-200, AZ-500
- CompTIA CySA+
Tools & Platforms
Splunk, KQL, MITRE ATT&CK, Python, PowerShell, SQL, REST/GraphQL APIs, Endpoint, Identity, Network, Cloud & SaaS
Required Skills
Bachelor's degree; 3+ years in detection engineering; Splunk; SIEM/XDR; MITRE ATT&CK; Python; PowerShell; Splunk SPL; KQL; SQL; incident response; threat hunting
Hard Skills
3+ years of detection engineering, SIEM/XDR, Splunk SPL, Microsoft KQL, SQL, MITRE ATT&CK, Python, PowerShell, REST/GraphQL APIs, Endpoint/Identity/Network/Cloud & SaaS technologies
Soft Skills
Strong written and verbal communication, stakeholder collaboration, analytical thinking, teamwork, problem-solving
Certifications
Preferred
- GIAC GDAT, GIAC GCDA, GIAC GCTD, GIAC GCTI, GIAC GMON, GIAC GCIH, GIAC GCFA, GIAC GCPY
- Splunk Power User
- Microsoft SC-200, AZ-500
- CySA+
Keywords for Your Resume
detection engineer, SIEM, XDR, Splunk, Splunk SPL, Microsoft KQL, SQL, MITRE ATT&CK, endpoint, identity, cloud, Cloud & SaaS, purple team, hunt findings, incident response, telemetry, log data quality, REST, GraphQL, Python, PowerShell, GIAC GDAT, GCDA, GCTD, GCTI, GMON, GCIH, GCFA, GCPY
Deal Breakers
- Less than 3 years of detection engineering experience
- Inability to work in a large enterprise security operations model