ThreatLocker.

Detection Engineer

ThreatLocker.$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years in Information Security
  • 2+ years with EDR or ITDR technologies
  • Experience in developing detection content preferred
  • Strong knowledge of the MITRE ATT&CK Framework
  • Proficient in creating Sigma, YARA, and Snort rules
  • In-depth understanding of Windows systems and forensic artifacts
  • Familiarity with malware analysis and threat hunting research

Responsibilities

  • Develop, test, and maintain detection content for EDR and ITDR platforms
  • Create and manage detection rules like Sigma, YARA, and Snort
  • Map detections to the MITRE ATT&CK Framework
  • Analyze Windows telemetry to find detection gaps
  • Research attacker techniques and identify detection opportunities
  • Collaborate with threat analysts and researchers on detection gaps
  • Validate detection logic using threat hunting and malware analysis

Benefits

  • Opportunity to work with cutting-edge security technologies
  • Hands-on collaboration with expert Threat Analysts and Security Researchers
  • Work in a dynamic team-focused environment
  • Engage in continuous learning on emerging threats and best practices
Full Job Description
JOB OVERVIEW

ThreatLocker is seeking a Detection Engineer to drive the development and continuous improvement of detection content within the ThreatLocker Detect platform. This role is responsible for creating and maintaining detection rules used by our Endpoint Detection and Response (EDR) and Identity Threat Detection and Response (ITDR) products while ensuring alignment with the MITRE ATT&CK® Framework.

The Detection Engineer will leverage telemetry generated through malware analysis, vulnerability research, and proactive threat hunting to identify detection gaps and improve product coverage. Working closely with Threat Analysts and Security Researchers, this individual will develop high-quality detection logic that identifies evolving attacker techniques while minimizing false positives.

As a Detection Engineer, you are responsible for, but not limited to:
  • Develop, test, and maintain detection content for ThreatLocker's Endpoint Detection and Identity Threat Detection platforms.
  • Create and maintain custom Sigma, YARA, and Snort detection rules.
  • Map detections to the MITRE ATT&CK Framework and continuously improve coverage.
  • Analyze Windows telemetry and forensic artifacts to identify detection opportunities.
  • Research attacker techniques including persistence, privilege escalation, defense evasion, and post-exploitation activity.
  • Collaborate with Threat Analysts and Security Researchers to identify and remediate detection gaps.
  • Validate detection logic through threat hunting, malware analysis, and adversary emulation.
  • Tune detection content to improve accuracy while reducing false positives.
  • Document detection methodologies and technical findings for internal teams.
  • Stay current on emerging threats, attack techniques, and industry best practices.
  • The role will be based in Orlando, FL and is an in-office position.

REQUIRED QUALIFICATIONS
  • 3+ years of experience in Information Security.
  • 2+ years of experience working with Endpoint Detection and Response (EDR) or Identity Threat Detection and Response (ITDR) technologies within an enterprise environment.
  • Experience developing detection content is strongly preferred.
  • Strong understanding of the MITRE ATT&CK Framework and its application within enterprise security.
  • Experience creating custom Sigma, YARA, and Snort detection rules.
  • Strong knowledge of Windows operating systems and Windows forensic artifacts.
  • Experience with Windows persistence mechanisms, privilege escalation, defense evasion, and parent-child process relationships.
  • Familiarity with malware analysis, threat hunting, and vulnerability research.
  • Familiarity with adversary emulation and post-exploitation frameworks.
  • Strong analytical, troubleshooting, and critical thinking skills.
  • Excellent written and verbal communication skills with the ability to explain technical concepts to non-technical stakeholders.
  • Ability to work independently while collaborating effectively within a team environment.
  • Relevant certifications such as OSCP, GCFA, GCIH, GCIA, GCDA, GCTD, or GISP are a plus.

WORKING CONDITIONS

The duties described below are representative of those encountered while performing the essential functions of this position. If necessary, reasonable accommodation may be requested and will be evaluated for its relationship to the essential functions that must be performed.
  • Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.
  • While performing duties of this job, would occasionally require standing, walking, sitting, reaching with hands and arms, climbing or balancing, stooping or kneeling, talking and hearing, and using fingers and hands to feel objects and tools.
  • Must occasionally lift and/or move up to 25 pounds.
  • Specific vision abilities required include close vision, distance vision, depth perception, and the ability to adjust focus.

Similar Jobs

More Jobs at ThreatLocker.

More Information Technology Jobs

Find similar Detection Engineer jobs: