Senior SIEM Detection Engineer

2 weeks, 2 days ago
Full-time
Senior
Cybersecurity
AHEAD

AHEAD

AHEAD accelerates the impact of technology on clients by engineering customized data, developer, and infrastructure platforms that improve IT operations. By weaving together cloud infrastructure, intelligent operations, and modern applications, we help...

IT Services
1K-5K
$43M raised

Description

  • Design, implement, and maintain high-fidelity SIEM detection content across cloud-based security platforms.
  • Create, tune, and manage the full lifecycle of detection rules, correlation rules, and analytic use cases.
  • Define and maintain data models, normalization, and enrichment needed for reliable detections.
  • Map detections to frameworks such as MITRE ATT&CK where applicable.
  • Identify detection gaps using incident trends, threat intelligence, and threat hunting outcomes.
  • Reduce false positives and improve alert quality through iterative tuning and performance monitoring.
  • Translate playbooks and incident response workflows into testable detections.
  • Build dashboards, visualizations, and investigative views to support triage and hunting.
  • Work with SOAR engineering to integrate detections into enrichment, triage, and response workflows.
  • Partner with client security and IT teams on new log source onboarding, parsing, normalization, and enrichment.
  • Tune rules, filters, and policies across SIEM and related security tools to improve coverage and reduce noise.
  • Perform log analysis and exploratory data mining to uncover anomalous activity and new detection opportunities.
  • Support process improvement for detection lifecycle management and incident response.
  • Participate in client-facing meetings to explain detection strategy, coverage, and improvements.

Requirements

  • 2–4 years of experience in Security Detection Engineering, Security Automation, or a related discipline.
  • Experience with Elastic Security and core components including Elasticsearch, Logstash, Kibana, Filebeat, and Elastic Agent.
  • Strong SIEM administration and configuration experience, especially with detection use cases, correlation logic, and alert workflows.
  • Experience writing scripts or tools in Python or similar languages to automate detection tasks, data quality checks, or integrations.
  • Incident handling or response experience with a focus on improving IR workflows through detections.
  • Hands-on experience with security technologies such as IDS, firewalls, SIEM, SOAR, EDR, endpoint, and network security tools.
  • Knowledge of log analysis, correlation, anomaly detection, and common security threats, attack vectors, vulnerabilities, and exploits.
  • Strong regular expression skills and familiarity with query languages used in SIEM platforms.
  • Bachelor’s degree in Computer Science, Information Security, or related/equivalent experience.
  • Preferred certifications include CISSP, GCIA, GCIH, GPYC, GMON, GCDA, or Elastic Certified Engineer.

Benefits

  • $120,000–$150,000 annual OTE, including base salary and any target bonus.
  • Medical, dental, and vision insurance.
  • 401(k) retirement plan.
  • Paid company holidays.
  • Paid time off.
  • Paid parental and caregiver leave.
  • Cross-department training and development opportunities.
  • Sponsorship for certifications and credentials for continued learning.
