Senior Detection Engineer

Remote
AI Summary

We are seeking a highly experienced Senior Detection Engineer to lead the development and optimization of advanced threat detection and response capabilities across endpoint, identity, cloud, SaaS, and OT/xOT environments. This role requires deep expertise in the CrowdStrike ecosystem and SOAR platforms. The ideal candidate will have 10+ years of experience in detection engineering, threat hunting, or security operations.

Key Highlights
Lead the development and optimization of advanced threat detection and response capabilities
Deep expertise in the CrowdStrike ecosystem and SOAR platforms
10+ years of experience in detection engineering, threat hunting, or security operations
Key Responsibilities
Own CrowdStrike detections—author, test, and tune in Falcon/Next-Gen SIEM/FUSION
Hunt and validate using FQL/CQL; measure detection fidelity and reduce false positives
Build cloud detections for AWS/Azure/GCP and integrate cloud-native logs and controls
Technical Skills Required
CrowdStrike Falcon, CrowdStrike Next-Gen SIEM, CrowdStrike Identity Protection (IDP), Splunk, Microsoft Sentinel, Cribl, Python, PowerShell, FQL, CQL, KQL, SPL
Benefits & Perks
100% Remote
1 year contract
Night Shift
Nice to Have
Familiarity with MITRE ATT&CK, NIST 800-53, and modern detection frameworks
Expertise in data pipeline optimization (Cribl or similar) for log normalization and enrichment
Strong background in endpoint and identity security (EDR/XDR, MFA, Conditional Access)

Job Description


Hi folks,

Please check the JD and share your updated resume with me at naresh@sapphiresoftwaresolutions.com, and ping me on WhatsApp (+91 970-529-6474) along with your resume.

Role: Cyber Security Engineer / Principal Security Engineer / Senior Threat Detection Engineer

100% Remote

1-year contract, night shift

At least 10+ years of total experience required

Required Skills & Experience

• 5+ years in detection engineering, threat hunting, or security operations.

• Endpoint & identity detection expertise—CrowdStrike Falcon/IDP preferred—plus strong proficiency in modern SIEMs (e.g., Splunk, Microsoft Sentinel, CrowdStrike “Next‑Gen SIEM”) and SOAR.

• Cloud security across AWS and/or Azure, including secure architecture and workload protections.

• Detection engineering & automation: rule authoring/tuning, query languages (FQL/CQL, KQL, SPL), and scripting (Python/PowerShell).

• Telemetry engineering & troubleshooting: sensor/agent health and log pipelines (e.g., Cribl or similar) to ensure reliable, high‑fidelity detections.

Nice to Have Skills & Experience

• Familiarity with MITRE ATT&CK, NIST 800‑53, and modern detection frameworks.

• Expertise in data pipeline optimization (Cribl or similar) for log normalization and enrichment.

• Strong background in endpoint and identity security (EDR/XDR, MFA, Conditional Access).

• Knowledge of DevSecOps practices: integrating SAST/DAST/SCA into CI/CD and detection‑as‑code workflows.

• Experience with SaaS security posture management and UEBA for cloud apps.

• Exposure to OT/xOT security and industrial network monitoring.

• Certifications such as CISSP, GIAC (GDSA/GMON/GCIA), OSCP, CCSK/CCSP, or vendor‑specific cloud/security certs.

• Familiarity with AI/ML security concepts and adversary emulation techniques.

• Threat intelligence integration: correlating IOCs, leveraging TI platforms, and supporting proactive detection.

• Secure API design and testing aligned with OWASP API Top 10.


Job Description

We are seeking a highly experienced Senior Detection Engineer to lead the development and optimization of advanced threat detection and response capabilities across endpoint, identity, cloud, SaaS, and OT/xOT environments. This role requires deep expertise in the CrowdStrike ecosystem (Falcon Endpoint, Next-Gen SIEM, Identity Protection (IDP), FUSION), SOAR platforms, and cloud security. You will serve as the CrowdStrike SME—owning sensor deployment, troubleshooting, automation, and query development—while partnering with SOC, Cloud, Infrastructure, and Application teams to measurably reduce risk and drive secure architecture and engineering initiatives. This employee will need to work US hours, specifically 8AM-5PM EST.

Key Responsibilities

• Own CrowdStrike detections—author, test, and tune in Falcon/Next‑Gen SIEM/FUSION; leverage IDP for identity attacks.

• Hunt and validate using FQL/CQL; measure detection fidelity and reduce false positives.

• Build cloud detections for AWS/Azure/GCP and integrate cloud‑native logs and controls.

• Engineer the telemetry pipeline with Cribl: normalize, enrich, and route data to SIEM.

• Operate the CrowdStrike stack end‑to‑end: sensor deployment/health, telemetry gaps, escalations; engage CrowdStrike support.

• Design SOAR automations and safe containment to shrink MTTD/MTTR; integrate with IR/compliance workflows.

• Translate MITRE ATT&CK and threat models into prioritized detection use cases and playbooks.

• Partner with Infra/Cloud/SOC to harden endpoints, identity, and M365/SaaS security configurations.

• Lead OT/xOT visibility and low‑impact rollout of detections where applicable.

• Mentor engineers/analysts and maintain standards, runbooks, and incident playbooks.

