Detection Engineer

Hampton North, United States
Remote
AI Summary

Design and implement detection logic for a security platform. Develop detections in Python, YAML, Sigma, or related frameworks. Engineer and normalize telemetry across endpoint, identity, SaaS, and network sources.

Key Highlights
Own the full detection lifecycle from threat modeling to writing, testing, and tuning detections in production
Support a security platform focused on deep endpoint telemetry, behavioral analytics, and visibility across complex enterprise environments
Translate attacker and anomalous user behavior into high-signal logic
Develop detection-as-code in Python, YAML, Sigma, or related frameworks
Partner with Threat Intel, Red Team, and Customer Success teams to validate detection coverage and model real-world misuse cases
Technical Skills Required
Python, YAML, Sigma, SIEM, Splunk, Sentinel, Elastic, Chronicle, Panther
Benefits & Perks
Salary: $160-200k
Equity options
100% remote work within the US

Job Description


We’re looking for a Detection Engineer who can own the full detection lifecycle—from threat modeling and log pipeline design to writing, testing, and tuning detections in production. This role supports a security platform focused on deep endpoint telemetry, behavioral analytics, and visibility across complex enterprise environments. It is ideal for someone who understands how to turn nuanced user and system behavior into high-fidelity detections that actually stop insider threats, data misuse, and advanced threats.


Compensation: $160-200k with equity options

Logistics: 100% remote within the US (no CTC or sponsorship at this time)


What you'll be doing:

  • Build and maintain detections across SIEMs, behavioral analytics platforms, and endpoint data pipelines.
  • Translate attacker and anomalous user behavior (MITRE ATT&CK, insider risk patterns, compromised account indicators) into high-signal logic.
  • Develop detection-as-code in Python, YAML, Sigma, or related frameworks.
  • Engineer and normalize telemetry across endpoint, identity, SaaS, and network sources—especially high-volume behavioral data.
  • Partner with Threat Intel, Red Team, and Customer Success teams to validate detection coverage and model real-world misuse cases.
  • Drive continuous tuning to reduce false positives and improve behavioral baselines.
  • Build automated test harnesses and CI pipelines to validate detection efficacy.
  • Contribute to playbooks, automation, and broader SecOps response workflows.
  • Produce observability around detection performance, coverage gaps, and behavioral drift.


What we're looking for:

  • 5+ years in Detection Engineering, Threat Research, SecOps, or similar roles.
  • Strong experience writing detections for:
      ◦ Behavioral or endpoint analytics platforms (e.g., EDR, telemetry-rich agents).
      ◦ SIEM / data platforms such as Splunk, Sentinel, Elastic, Chronicle, Panther, etc.
  • Proficiency in Python or similar scripting languages.
  • Experience working with extremely granular endpoint telemetry, identity events, and user behavior patterns.
  • Solid understanding of attacker tradecraft, insider threat indicators, and misuse patterns beyond classic IOC-based detection.
  • Comfort working in high-noise or high-context environments and improving signal quality.
  • Strong communication: able to describe why a detection matters and how it protects the business.
