Senior Threat Detection Engineer
Job Description:
- Design, implement, and tune detection rules and logic across SIEM, EDR, and cloud platforms.
- Develop and maintain threat detection use cases based on MITRE ATT&CK and other frameworks.
- Perform threat hunting and anomaly detection using behavioral analytics and telemetry.
- Collaborate with IAM, Data Protection, cloud security, and engineering teams to improve detection coverage.
- Analyze threat intelligence and integrate findings into detection strategies.
- Directly monitor, test, and calibrate detection use cases; analyze data to minimize false positives and maximize actionable alerts—proposing and executing code changes to achieve measurable improvements.
- Lead purple team exercises and detection validation efforts.
- Maintain technical documentation by directly managing the materials and summaries of your own work and solutions, and by actively communicating updates to stakeholders.
- Develop use-cases based on intelligence, red team results, and incident data
- Write detection and correlation rules to identify threats across our stack
- Assist in onboarding logs and identifying gaps in logs or alert results
- Develop a deep understanding of data models, macros, indexes, sources, and field alias and the technology foundation our detection stack is built
- Understand data schema/API standards, automation, and messaging systems
- Bring a metric-driven mindset to our rules, signals (IOCs), and alerts
- Other duties as assigned, we are one family and help each other.
Requirements:
- 5+ years of professional experience in two or more domains, including: detection engineering, data engineering, incident response, threat hunting, threat intelligence
- Refine, validate and exercise our Threat Detection and Response Programs.
- Ability to measure detection coverage across common frameworks (e.g. NIST CSF, MITRE, KC) and simplify rules and configurations to optimize alerts
- Develop detection techniques to protect our evolving environment.
- Ability to automate tasks via scripting, automating inputs and outputs of APIs, and programming skills such as python to enable detection engineering tasks
- Exceptional interpersonal, organizational, and communication skills and ability to internalize and exemplify Lantern’s LIGHT Values.
- Experience in healthcare or regulated industries.
- Certifications such as GCDA, GCTI, OSCP, or similar.
- Experience with Sigma rules, YARA, and threat modeling.
- Hands-on technical contributor with demonstrated ability to execute and deliver engineering projects impacting security posture in complex and fast-changing environments.
- Experience designing, coding, and deploying security solutions, comfortable with Python and at least one of: Java, Go, C++, JavaScript, Rust, SQL, or TypeScript.
- Practical skills with security tools and scripting: you design, build, and maintain solutions, not just click in a UI.
- Experience writing or refining detection logic for SIEM, EDR, NDR, WAF, or similar, and a record of tuning signals and controls for high fidelity and low noise through real-world testing and iteration.
- Proven ability to analyze and defend modern cloud and on-premises environments: you know how to break and fix systems, leveraging tools like CloudTrail, Security Hub, etc.
- Track record of hands-on threat hunting and incident response, using your engineering skill to create new detections and automate investigation processes.
- In-depth knowledge of attacker TTPs and a technical mindset for designing countermeasures that can be implemented and measured.
- Thrives in a team environment, supporting and mentoring peers with your engineering experience, and eager to tackle the next technical challenge.
Benefits:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Short & Long Term Disability
- Life Insurance
- 401k with company match
- Paid Time Off
- Paid Parental Leave
Apply tot his job Apply To this Job