Senior SIEM Detection Engineer

AHEAD

AHEAD accelerates the impact of technology on clients by engineering customized data, developer, and infrastructure platforms that improve IT operations. By weaving together cloud infrastructure, intelligent operations, and modern applications, we help...

Description

  • Design, implement, and maintain high-fidelity SIEM detection content across cloud-based security platforms.
  • Create, tune, and manage the full lifecycle of detection rules, correlation rules, and analytic use cases.
  • Define and maintain data models, normalization, and enrichment needed for reliable detections.
  • Map detections to frameworks such as MITRE ATT&CK where applicable.
  • Identify detection gaps using incident trends, threat intelligence, and threat hunting outcomes.
  • Reduce false positives and improve alert quality through iterative tuning and performance monitoring.
  • Translate playbooks and incident response workflows into testable detections.
  • Build dashboards, visualizations, and investigative views to support triage and hunting.
  • Work with SOAR engineering to integrate detections into enrichment, triage, and response workflows.
  • Partner with client security and IT teams on new log source onboarding, parsing, normalization, and enrichment.
  • Tune rules, filters, and policies across SIEM and related security tools to improve coverage and reduce noise.
  • Perform log analysis and exploratory data mining to uncover anomalous activity and new detection opportunities.
  • Support process improvement for detection lifecycle management and incident response.
  • Participate in client-facing meetings to explain detection strategy, coverage, and improvements.

Requirements

  • 2–4 years of experience in Security Detection Engineering, Security Automation, or a related discipline.
  • Experience with Elastic Security and core components including Elasticsearch, Logstash, Kibana, Filebeat, and Elastic Agent.
  • Strong SIEM administration and configuration experience, especially with detection use cases, correlation logic, and alert workflows.
  • Experience writing scripts or tools in Python or similar languages to automate detection tasks, data quality checks, or integrations.
  • Incident handling or response experience with a focus on improving IR workflows through detections.
  • Hands-on experience with security technologies such as IDS, firewalls, SIEM, SOAR, EDR, endpoint, and network security tools.
  • Knowledge of log analysis, correlation, anomaly detection, and common security threats, attack vectors, vulnerabilities, and exploits.
  • Strong regular expression skills and familiarity with query languages used in SIEM platforms.
  • Bachelor’s degree in Computer Science, Information Security, or related/equivalent experience.
  • Preferred certifications include CISSP, GCIA, GCIH, GPYC, GMON, GCDA, or Elastic Certified Engineer.

Benefits

  • $120,000–$150,000 annual OTE, including base salary and any target bonus.
  • Medical, dental, and vision insurance.
  • 401(k) retirement plan.
  • Paid company holidays.
  • Paid time off.
  • Paid parental and caregiver leave.
  • Cross-department training and development opportunities.
  • Sponsorship for certifications and credentials for continued learning.
