Job Specifications
Senior Manager, Cybersecurity Detection Engineering
The Senior Manager of Cybersecurity Detection Engineering will lead a team of Detection Engineers in designing, implementing, and maintaining advanced detection capabilities to safeguard the organization against emerging cyber threats. This pivotal role will enhance the company’s next-generation Cyber Defense practice, enabling rapid threat response and automated remediation. The position will be responsible for developing the strategy for the Detection Engineering program and establishing metrics to demonstrate continuous improvement.
The ideal candidate will possess expert-level knowledge in SIEM implementation and log ingestion, SOAR, Incident Response, and Threat Intelligence, and will be data-driven with strong communication and leadership skills.
Key Responsibilities
Define detection engineering strategy, roadmap, and objectives.
Design and implement advanced threat detection techniques using tools such as SIEM, EDR, NDR, and SOAR platforms.
Develop custom detection rules, automated remediation playbooks, and alerts tailored to the organization’s threat landscape.
Leverage MITRE ATT&CK and related frameworks to identify and close detection coverage gaps.
Monitor, optimize, and continuously improve detection systems for performance, scalability, and effectiveness.
Collaborate with Threat Detection and Response teams to enhance capabilities for identifying, managing, and responding to threats efficiently.
Perform attack simulation testing and purple teaming exercises in coordination with Vulnerability Management.
Manage and maintain SIEM/Data Lake data management and log ingestion infrastructure in partnership with Cyber Defense Engineering.
Evaluate, validate, tune, and deprecate detection capabilities as needed.
Maintain operational guidelines, diagrams, and documentation for security detection and response.
Incident Response Support
Collaborate with the Incident Response team to ensure rapid detection and containment of threats.
Provide technical expertise to develop detection use cases during high-severity incidents.
Continuously improve detection and response processes based on lessons learned.
Provide after-hours support as needed for detection and response activities.
Threat Intelligence Integration
Leverage threat intelligence to enhance detection capabilities and proactively mitigate risks.
Identify and analyze emerging threat vectors and incorporate them into detection strategies.
Stakeholder Collaboration
Partner with Cybersecurity, Engineering, and Product teams to align detection strategies with organizational goals.
Communicate detection capabilities and findings to both technical and non-technical stakeholders, including leadership.
Governance and Compliance
Ensure all detection processes and tools comply with regulatory requirements and industry standards (e.g., GDPR, PCI-DSS, NIST).
Maintain documentation of detection strategies, processes, and configurations.
Professional Technology Skills
Proven experience building scalable detection programs with world-class capabilities.
Technical proficiency in large-scale investigations across endpoint, cloud, identity, network, and email threats.
Experience collaborating with IT teams and MSSPs to operationalize Detection Engineering use cases for WAF, DDoS, email security, DLP, AV, and endpoint technologies.
Hands-on experience with Detection & Response tools for network, endpoints, cloud, identity, and SOAR platforms.
Ability to apply threat intelligence for proactive detection of new threat vectors.
Strong understanding of security engineering, architecture, and effective monitoring design.
Solid knowledge of Linux, MacOS, and Windows operating system internals.
Effective communication of complex security issues to management and peers.
Experience maintaining detection use case and SIEM configuration standards.
Skilled in creating and managing operational metrics to drive efficiency and quality.
Passion for mentoring and developing detection engineering talent.
Ability to manage cross-functional relationships and drive initiatives to completion.
Understanding of machine learning concepts as they relate to predictive analytics.
Knowledge, Experience & Qualifications
Essential:
Bachelor’s degree in Computer Science or equivalent experience (advanced degrees accepted with corresponding experience).
8+ years of relevant professional experience in cybersecurity or related fields.
Multi-cloud security experience (AWS, Azure, GCP).
Expert-level knowledge of Detection Engineering and Security Operations.
3+ years of management or leadership experience with direct reports.
Strong background in Information Security, Network Security, Security Monitoring, and Incident Response.
Experience developing SIEM/SOAR detection and automation use cases.
Hands-on experience with key security technologies (Threat Intelligence, Firewalls, SASE, IPS, Endpoint Security, DLP, SIEM/SOAR, and Data Lakes