Senior Detection Engineer - MITRE ATT&CK framework - XDR - EDR - AI - Cyber Security Startup - Remot

We’re seeking a Senior Detection Engineer to lead the next evolution of AI-augmented threat detection.

This role goes beyond traditional detection engineering : you’ll help improve and build our Detection Engineering Agent , responsible for continuously grading and improving detection coverage based on a customer’s available telemetry, configuration, and behavioral baselines.

You’ll work across multi-cloud , hybrid , and data-lake environments to design modular detections that don’t depend on centralized data storage, but instead leverage federated queries, metadata scoring, and AI-based prioritization.

The ideal candidate combines deep hands-on SIEM expertise with a product mindset : able to design scalable detection pipelines, integrate AI feedback, and quantify detection efficacy at enterprise scale.

Key Responsibilities

Design and maintain modular, high-fidelity detections using Sigma, KQL, SPL, Lucene, and other rule / query languages for Sentinel, Splunk, Chronicle, Elastic, and data-lake environments (Snowflake, BigQuery, Databricks).

Build and evolve Detection Engineering Agent , enabling real-time tracking, grading, and ranking of a customer’s environment based on data coverage, signal quality, and rule performance.

Develop detections that operate without centralized storage , leveraging federated queries, streaming analytics, and metadata summarization instead of raw data ingestion.

Quantify coverage gaps across identity, endpoint, cloud, network, and SaaS telemetry; collaborate cross-functionally to enhance observability and threat visibility.

Integrate AI and ML models for automated rule tuning, false positive reduction, and behavioral correlation.

Implement feedback-driven rule lifecycle management , including performance tracking (TP / FP / FN), version control, and graceful rule deprecation or promotion.

Collaborate with SOC, data science, and platform teams to continuously improve detection quality and automate enrichment or response actions via SOAR platforms.

Manage detection-as-code pipelines , ensuring CI / CD integration, modular content reuse, and full traceability of changes.

Required Skills

5+ years of experience in detection engineering, threat hunting, and SOC operations .

Expertise in at least two major SIEMs (Sentinel, Google SecOps / Chronicle, Splunk) and data-lake query environments (Snowflake / Databricks).

Strong command of Sigma, KQL, SPL, or Lucene , with the ability to abstract detection logic into environment-agnostic templates.

Experience with federated detection queries and data modeling for environments without long-term log storage.

Familiarity with AI / ML-driven prioritization for detection scoring, clustering, or environment-based tuning.

Ability to handle diverse telemetry : cloud (AWS / Azure / GCP), IAM, EDR, firewall, Windows event logs, network, and SaaS platforms.

Experience in GitOps / detection-as-code workflows with version control, testing, and deployment pipelines.

Excellent communication and documentation skills with a focus on translating technical detections into product-ready content.

Nice to Have

Experience building or contributing to detection optimization or coverage grading frameworks .

Scripting in Python or PowerShell for automation, enrichment, and testing.

Familiarity with SOAR integration , purple teaming frameworks , and automated response orchestration .

Background in AI / ML model feedback integration for detection scoring or prioritization.

Connect to me at rajeshwari.vh@careerxperts.com for more details.