Cyber Defense- Detection Engineer

Role Summary

Location: Hybrid Malvern, PA. The Cyber Defense Engineer will lead hands-on detection engineering and SOC operations to rapidly identify, contain, and resolve security threats. The role focuses on complex investigations, building and maintaining detections, automating response playbooks, and proactive threat hunting. The ideal candidate blends engineering rigor with operational excellence, is comfortable scripting and integrating tools to create a cohesive automated defense ecosystem, and partners with cross-functional teams to improve signal fidelity, reduce false positives, and shorten time to detect and respond, aligned to MITRE ATT&CK.

Responsibilities

• Build, maintain, and tune detections in our SIEM and EDR aligned to MITRE ATT&CK
• Design, develop, and maintain incident response playbooks, integrations, automations to orchestrate response efforts and evidence collection
• Lead hypothesis-driven threat hunting using telemetry from endpoints, identity, network, and cloud to uncover unknown threats
• Own telemetry onboarding data quality and normalization ensuring reliable parsing enrichment context mapping and coverage across priority data sources
• Conduct detection QA and continuous tuning to reduce false positives improve precision and accelerate analyst decision-making
• Partner with Red Team and IR on purple-team exercises to validate detections close gaps and document improvements post-incident
• Participate in incident response as a hands-on responder focusing on rapid containment and translating lessons learned into new and improved detections and playbooks
• Create and track metrics for detection coverage fidelity alert volumes MTTA and MTTR using these insights to guide backlog and roadmap priorities
• Collaborate with IT and platform owners to enable logging controls and data pipelines required for high-quality detections while minimizing operational friction
• Provide mentorship and day-to-day guidance to analysts on detection logic triage techniques hunting methodologies and automation usage
• Stay current on evolving threats and platform capabilities and proactively introduce new detections hunting approaches and automation technique

Qualifications

• Required: 2+ years direct hands-on experience in IT support automation using APIs and Python
• Required: 5+ years direct hands-on experience in a security operations role with an emphasis on incident response and automation
• Preferred: Bachelor's degree in computer science / information systems / business administration or relevant professional experience

Education

• Preferred - Bachelor's degree in computer science / information systems / business administration or relevant professional experience

Skills

• Experience in hypothesis-driven threat hunting, alert triage, and investigations using SIEM/EDR/NDR telemetry and cloud logs; understanding of core forensics concepts (host, network, identity)
• Hands-on experience designing, implementing, and tuning security controls in regulated and hybrid environments
• Working knowledge of security logging pipelines, normalization/enrichment, and data quality concepts to support detection, hunting, and response
• Experience supporting automation and standardization efforts (SOAR, scripting, workflows); able to follow and help create playbooks/runbooks
• Analytics techniques to improve detection and response (reducing false positives, basic anomaly identification, prioritization) with practical outcomes
• Experience with modern security platforms (SIEM, SOAR, EDR, network/email security); experience assisting with SIEM/SOAR content, integrations, or use-case development
• Experience participating in incident response activities: following playbooks, documenting actions, escalating appropriately, and contributing to post-incident improvements
• Working knowledge of administering and securing enterprise platforms (Windows Server and/or Linux/UNIX); familiarity with enterprise architecture patterns
• Ability to communicate security findings and risk clearly to technical and non-technical audiences; collaborative approach with stakeholders
• Strong execution skills with the ability to manage multiple tasks, operate in a fast-paced environment, and contribute hands-on to troubleshooting and implementation with guidance
• Contribute to building and maintaining SOPs, playbooks, and automation-first processes; help standardize repeatable workflows
• Assist with defining and tracking SOC metrics/KPIs (e.g., detection coverage, alert quality, MTTD/MTTR, containment effectiveness) and identify improvement opportunities
• Support the delivery and maintenance of security tooling and detection/response capabilities (implement changes, tune detections, perform health checks) under senior guidance
• Eager to learn from others and share knowledge with peers (without formal people-management expectations)
• Collaborate with risk/strategy and business partners to understand priorities and regulated requirements and help align day-to-day work to those needs

Additional Requirements

• Primarily office-based work involving sitting, computer use, and meetings
• Ability to work flexible hours as needed to coordinate with global teams and support audit readiness activities
• Occasional travel may be required for audits, regulatory meetings, or integration activities
• Travel Requirements: 5%-10%