Pluralsight

Sr. Detection Engineer

28 November 2025
£117100 - £154000 / year

Job Description

Pluralsight is the technology workforce development company that helps teams build better products by knowing more and working better together. We are seeking an experienced Senior Detection Engineer to join our Security Engineering & Operations team. While the Operations team responds to fires, you will be the architect of the smoke detectors.

You will work closely with the Senior Manager of Security Operations to engineer the SIEM, manage the lifecycle of detection rules, and ensure our 24/7 SOC has high-fidelity alerts. Your primary focus will be Detection-as-Code: treating security alerts as engineering problems that require tuning, testing, and version control.

Who you’re committed to being:

A Builder at Heart: You don’t just consume alerts; you build the logic that generates them. You possess a deep technical understanding of SIEM technologies and know how to onboard custom log sources.

A Critical Thinker: You weigh the tradeoffs between security risk aversion and business priority. You know how to tune out the “noise” to find the “signal.”

A Tenacious Problem-Solver: You investigate root causes. If a data feed breaks, you fix it. If an alert triggers too often, you refine the logic.

A Continuous Learner: You are curious by nature. You stay ahead of the curve on new adversarial techniques (TTPs) and translate that knowledge into new detection rules.

A Collaborative Communicator: You are an effective champion within the information security community and the business, using data to drive decisions.

What you’ll do:

Detection Logic Lifecycle: Design, develop, and tune high-fidelity detection rules (SIEM content) based on the MITRE ATT&CK framework to identify malicious activity across our ecosystem (Endpoints, Cloud, Network).

Tier 3 Operational Support (20%): You will not just build the alerts; you will validate them. You will dedicate ~20% of your time to serving as the primary escalation point for the MDR and SOC. You will perform deep-dive analysis on complex incidents, handling the investigations that require engineering-level insight.

SIEM Architecture & Health: Partner with infrastructure teams to validate log ingestion health, parse custom log sources, and enforce data retention lifecycles to satisfy compliance requirements.

Data Onboarding: Lead the engineering effort to ingest data from new tools (Cloud APIs, SaaS apps, custom internal apps) into the SIEM, ensuring data quality and CIM compliance.

MDR/SOC Enablement: Collaborate with our Managed Detection and Response (MDR) providers. You will translate raw data into actionable alerts and provide feedback on their triage quality.

Adversary Simulation: Proactively test your detection rules against known attack vectors to verify they trigger as expected before a real attack occurs.

Experience you’ll bring:

Familiarity with Cloud Security detection strategies (AWS/Azure/GCP) and Endpoint telemetry (EDR process trees).

Experience working with common adversarial tactics, techniques, and procedures (MITRE ATT&CK TTPs) and mapping them to detection rules.

Requirements:

3+ years of proven experience in SIEM Content Development or Detection Engineering.

Bachelor of Science in CIS/MIS/CS/CE, Engineering, or related field (or equivalent experience).

Possess DoD 8570/8140 recognized certifications for CSSP Analyst or Infrastructure Support, such as GCIA, GMON, GCDA, CEH, or CySA+.
