Senior SIEM Detection Engineer

United States | $120k–$150k | Posted 2 days ago

The Senior SIEM Detection Engineer at AHEAD is responsible for designing, implementing, and maintaining high-fidelity detection content within cloud-based SIEM solutions, supporting a 24/7 Security Operations Center. The role involves continuous improvement of security detection capabilities across client environments.

Responsibilities

  • Lead and perform detection content development within the SIEM platform (Elastic, Palo Alto XSIAM, CrowdStrike), including creation, tuning, and lifecycle management of detection rules, correlation rules, and analytic stories/use cases.
  • Define and maintain data models, normalization, and enrichment required to support high‑quality detections.
  • Map detections to frameworks such as MITRE ATT&CK where applicable.
  • Identify gaps in detection coverage based on incident trends, threat intelligence, and hunt activities.
  • Reduce false positives and improve alert signal‑to‑noise ratio through iterative tuning.
  • Translate playbooks and incident response workflows into robust, testable detections.
  • Monitor and manage the health and performance of SIEM detection content, including tracking detection firing patterns, volumes, and performance impact.
  • Conduct post-incident reviews to refine detections and create new coverage.
  • Ensure detections remain aligned with client use cases, risk profiles, and contracted scope.
  • Partner with AHEAD Managed Security and client resources in the design and implementation of new data visualizations and detection rules.
  • Collaborate with AHEAD Managed Security SOAR (Swimlane) engineering resources to integrate SIEM detections with SOAR workflows.
  • Engage with client security and IT infrastructure teams for new data source onboarding activities.
  • Tune rules, filters, and policies across SIEM and related security technologies.
  • Perform data mining and exploratory analysis of log sources.
  • Develop and improve detection lifecycle management processes.
  • Participate in client-facing security meetings to explain detection strategy, coverage, and improvements.

Requirements

  • Experience with Elastic Security and its core components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent), with a focus on detection engineering, rule creation, and data modeling.
  • Strong SIEM administration and configuration experience, particularly around detection use cases, correlation logic, and alert workflows.
  • Experience writing tools or scripts to automate detection-related tasks, data quality checks, and integrations in Python or similar languages.
  • Demonstrated ability to think creatively and build elegant detection solutions to complex security problems.
  • Excellent verbal and written communication skills, including the ability to communicate detection logic and findings to both technical and non‑technical stakeholders.
  • Incident handling/response experience, with a focus on using detections to support and improve IR workflows.
  • Desire to work both independently and collaboratively with a larger managed services and client team.
  • A strong appetite for learning, experimentation, and continuous improvement in detection engineering.
  • 2–4 years of experience in Security Detection Engineering, Security Automation, or related disciplines.
  • Hands-on experience with common security technologies: IDS, firewall, SIEM, SOAR, EDR, and endpoint and network security tools.
  • Knowledge of common security analysis tools & techniques, including log analysis, correlation, and anomaly detection.
  • Understanding of common security threats, attack vectors, vulnerabilities, and exploits, and how they manifest in telemetry.
  • Strong regular expression skills and familiarity with query languages used in SIEM platforms.
  • Customer-service focused, bringing energy, professionalism, and a welcoming manner to client interactions.
  • Strong ability to work in a highly sensitive and confidential environment.
  • Ability to meet deadlines and perform effectively under pressure.
  • Ability to identify issues and help develop strategic and tactical plans for Managed Security and detection-related initiatives.
  • Ability to use good judgment and decision-making skills in ambiguous or complex detection and incident scenarios.

Benefits

  • Medical, Dental, and Vision Insurance
  • 401(k)
  • Paid company holidays
  • Paid time off
  • Paid parental and caregiver leave
  • Additional benefits available at https://www.aheadbenefits.com/

Category

Engineering

Company

AHEAD

Source

himalayas

Posted

2 days ago
