
Senior Detection Engineer (SIEM / Security Observability)
Keeper Security, posted 25 days ago
Remote, United States. Seniority: Senior
Responsibilities
- Design, build, and maintain detection and telemetry capabilities across Datadog, SentinelOne, and Wiz.
- Develop, test, and tune high-fidelity detection rules aligned to real-world attack scenarios.
- Continuously improve alert quality by reducing false positives and increasing detection accuracy.
- Implement and mature detection-as-code practices for scalable rule management.
- Define and enforce logging and telemetry standards across various systems.
- Build and optimize log ingestion and retention pipelines.
- Automate onboarding of new data sources to improve telemetry coverage.
- Correlate signals across various security tools to enhance detection depth.
- Partner with Security Operations to improve incident response workflows.
- Build dashboards and analytics to support operational decision-making.
- Map detection coverage against MITRE ATT&CK and identify visibility gaps.
- Perform detection gap assessments based on threat intelligence.
Requirements
- 5–8+ years of experience in detection engineering or security observability.
- Hands-on experience with SIEM and security analytics platforms.
- Experience building and tuning detection rules and alerting workflows.
- Strong understanding of security telemetry across various environments.
- Experience with log parsing and pipeline management.
- Strong knowledge of cloud environments, preferably AWS.
- Proficiency in scripting or automation using Python or PowerShell.
- Solid understanding of modern detection strategies and the MITRE ATT&CK framework.
- Ability to work cross-functionally with various teams.
Benefits
- Medical, Dental & Vision coverage.
- Employer Paid Life Insurance and Supplemental life options.
- Voluntary Short/Long Term Disability Insurance.
- 401K options (Roth/Traditional).
- Generous PTO plan including paid Bereavement and Jury Duty.
- Above market annual bonuses.