ABOUT ROLE
The Senior Detection Engineer is a technical specialist within the Global Security Operations Centre (GSOC), based in Gaithersburg, Maryland, working with the Director, Cyber Security Detection Engineering. The role is characterised by leadership of detection content development initiatives that protect enterprise assets across cloud, on-premises, and OT/ICS environments. Responsibility is held for the design, implementation, and optimisation of detection logic through which threats are identified, investigated, and mitigated with precision and efficiency.
WHAT YOU'LL DO
Detection engineering initiatives: oversee detection engineering efforts across multiple projects spanning threat coverage, detection logic development, and efficacy validation; technical guidance is provided to ensure that detection capabilities address the most significant threats across all technology domains.
Advanced detection frameworks and methodologies: implement detection engineering frameworks to enhance the organisation's defensive posture through improved threat coverage, reduced false positives, and accelerated threat identification; industry guidelines for detection engineering are adopted and tailored to organizational requirements.
Enterprise-wide detection content library development and management: design and optimize detection libraries to ensure comprehensive coverage of adversary tactics, techniques, and procedures as defined by frameworks such as MITRE ATT&CK; detection logic is developed that balances sensitivity with operational efficiency.
Detection development oversight: provide technical guidance of detection development operations including coordination with external suppliers and platform vendors for comprehensive threat coverage; detection performance is monitored and issues are called out and resolved in collaboration with relevant collaborators.
Proactive detection development and coverage management: proactively expand detection coverage through periodic assessments of threat landscape evolution, detection gaps, and emerging attack techniques; critical coverage deficiencies are identified and resolution is driven through systematic detection development.
Stakeholder management: maintain engagement with security leadership to communicate emerging detection requirements driven by threat intelligence and incident findings; strategic action plans are proposed for addressing coverage gaps and enhancing detection capabilities.
External partner relationship management: maintain and develop relationships with external partners, threat intelligence providers, and industry peers to identify innovative detection approaches and emerging techniques applicable to enterprise defence.
As a Specialist:
Technical guidance and expertise: support the definition of detection standards, development methodologies, and quality frameworks within the detection engineering domain; critical detection failures are addressed through deep technical knowledge and systematic analysis.
Continuous improvement: find opportunities to improve and enhance the performance of detection logic, reduce false positives, and improve threat identification accuracy; opportunities for detection automation and orchestration are pursued proactively.
Implement innovative detection engineering solutions: identify and manage new detection engineering solutions including adoption of new detection techniques, behavioural analytics, and machine learning approaches; training and organizational change activities are led to ensure successful adoption.
Technical guidance and mentorship: provide ongoing technical guidance and mentoring to detection engineering team members and security analysts regarding detection logic development, threat hunting techniques, and effective use of detection platforms.
Maintain training and awareness materials: develop and maintain training and awareness materials regarding detection engineering practices, threat actor TTPs, and effective investigation methodologies; knowledge is shared to enable security operations teams to leverage detection capabilities effectively.
Knowledge, Experience, and Understanding of:
Detection Engineering Fundamentals: Deep expertise in detection logic design, threat modelling, and coverage mapping; extensive experience with detection development across diverse platforms and environments applied to enterprise-scale operations.
Threat detection frameworks: Comprehensive familiarity with MITRE ATT&CK, Cyber Kill Chain, and detection engineering methodologies; understanding of how adversary techniques manifest across different technology domains and how detection logic must be adapted accordingly.
Detection platforms and tooling: Substantial hands-on experience with enterprise detection platforms including SIEM, EDR, NDR, and cloud-native security services; advanced proficiency in platform-specific query languages, rule formats, and detection logic development.
Working knowledge of how threat intelligence is consumed and turned into actionable detection logic. Understanding of indicator types, threat actor TTPs, and prioritization of detection based on intelligence.
Scripting and automation: Advanced proficiency in scripting languages such as Python, PowerShell, or similar for detection logic development and automation tasks; experience with detection-as-code practices and version control for detection content.
Detection formats and standards: Extensive experience with standardised detection formats including Sigma rules, YARA signatures, and platform-specific query languages; ability to develop detection logic that is portable and maintainable across platforms.
Performance optimization: Deep understanding of detection tuning, false positive reduction, and query optimisation techniques; proven ability to balance detection sensitivity with operational efficiency.
OT/ICS detection considerations: Familiarity with operational technology environments and the unique constraints affecting detection in industrial settings; awareness of safety implications and availability requirements that influence detection approaches.
Purple team collaboration: Experience working with offensive security teams to validate detection efficacy and identify coverage gaps; understanding of how adversary emulation informs detection improvement.
Minimum Skills & Experience Required
Education: Bachelor's degree in information security, computer science, or related field (or equivalent experience).
Technical expertise: At least five (5) years of experience in detection engineering, preferably within security operations centres or detection engineering teams; demonstrated success in leading detection initiatives and implementing innovative approaches at enterprise scale.
Detection platform expertise: Deep hands-on experience with at least one major detection platform including advanced detection logic development, tuning, and validation; recognised internally as an expert in detection capabilities and standards.
Threat landscape knowledge: Working experience with threat intelligence, adversary TTPs, and attack techniques across cloud, on-premises, and OT environments; familiarity with how threats evolve and how detection strategies must adapt.
Global collaboration: Experience working in a global organisation with geographically dispersed teams and partners, including matrix working environments; ability to coordinate across time zones and cultural contexts.
Collaborator engagement: At least five (5) years of experience collaborating with security operations teams, incident responders, and threat intelligence analysts to identify, document, and address detection requirements; proven ability to manage relationships and communications with third-party suppliers and vendors.
Project delivery: Experience delivering and managing large-scale detection engineering projects including planning, execution, and organizational change; ability to navigate dependencies across multiple teams and technical domains.
Problem-s
About AstraZeneca