Senior Detection Engineer - Cyber Security Startup - Remote

We’re seeking a

Senior Detection Engineer

to lead the next evolution of AI-augmented threat detection.

This role goes beyond traditional detection engineering : you’ll help improve and build our

Detection Engineering Agent , responsible for continuously grading and improving detection coverage based on a customer’s available telemetry, configuration, and behavioral baselines.

You’ll work across

multi-cloud ,

hybrid , and

data-lake

environments to design modular detections that don’t depend on centralized data storage, but instead leverage federated queries, metadata scoring, and AI-based prioritization.

The ideal candidate combines

deep hands-on SIEM expertise

with a

product mindset

: able to design scalable detection pipelines, integrate AI feedback, and quantify detection efficacy at enterprise scale.

Key Responsibilities

Design and maintain modular, high-fidelity detections

using Sigma, KQL, SPL, Lucene, and other rule / query languages for Sentinel, Splunk, Chronicle, Elastic, and data-lake environments (Snowflake, BigQuery, Databricks).

Build and evolve Detection Engineering Agent , enabling real-time tracking, grading, and ranking of a customer’s environment based on data coverage, signal quality, and rule performance.

Develop detections that operate without centralized storage , leveraging federated queries, streaming analytics, and metadata summarization instead of raw data ingestion.

Quantify coverage gaps

across identity, endpoint, cloud, network, and SaaS telemetry; collaborate cross-functionally to enhance observability and threat visibility.

Integrate AI and ML models

for automated rule tuning, false positive reduction, and behavioral correlation.

Implement feedback-driven rule lifecycle management , including performance tracking (TP / FP / FN), version control, and graceful rule deprecation or promotion.

Collaborate with SOC, data science, and platform teams

to continuously improve detection quality and automate enrichment or response actions via SOAR platforms.

Manage detection-as-code pipelines , ensuring CI / CD integration, modular content reuse, and full traceability of changes.

Required Skills

5+ years of experience in

detection engineering, threat hunting, and SOC operations .

Expertise in

at least two major SIEMs

(Sentinel, Google SecOps / Chronicle, Splunk) and

data-lake query environments

(Snowflake / Databricks).

Strong command of

Sigma, KQL, SPL, or Lucene , with the ability to abstract detection logic into environment-agnostic templates.

Experience with

federated detection queries

and

data modeling

for environments without long-term log storage.

Familiarity with

AI / ML-driven prioritization

for detection scoring, clustering, or environment-based tuning.

Ability to handle diverse telemetry :

cloud (AWS / Azure / GCP), IAM, EDR, firewall, Windows event logs, network, and SaaS platforms.

Experience in

GitOps / detection-as-code workflows

with version control, testing, and deployment pipelines.

Excellent communication and documentation skills with a focus on translating technical detections into product-ready content.

Nice to Have

Experience building or contributing to

detection optimization or coverage grading frameworks .

Scripting in

Python or PowerShell

for automation, enrichment, and testing.

Familiarity with

SOAR integration ,

purple teaming frameworks , and

automated response orchestration .

Background in

AI / ML model feedback integration

for detection scoring or prioritization.

Connect to me at rajeshwari.vh@careerxperts.com for more details.