AlphaSense - Staff Detection and Response Engineer
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL). • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework. • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development. • Proven experience designing and implementing SOAR platform architecture from concept to production. • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration. • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs. • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor. • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS. • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices. • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences. • Experience with YARA-L. • Deep familiarity with Detection Frameworks and detection engineering quality frameworks. • Proven track record implementing SOAR platforms from architecture through operationalization, with experience evaluating multiple platforms. • Advanced knowledge of CrowdStrike Falcon platform including custom IOA rules. • Background in purple team activities, adversary emulation, or red teaming. • Experience with CI/CD practices for detection-as-code and automation-as-code. • Contributions to open-source security projects or security certifications (GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent). • Knowledge of security data lakes (Snowflake, BigQuery) and experience with threat intelligence platforms (TIP). • Published research, blog posts, or conference presentations on detection engineering, automation, or threat hunting topics. • Behavior: • Behavior: • Strategic Thinker: You design solutions that scale, anticipate future needs, and align with organizational security strategy • Strategic Thinker: • Builder & Architect: You design and build complex systems from the ground up, with focus on maintainability and scalability • Builder & Architect: • Quality & Precision Focused: You care deeply about detection accuracy, automation reliability, and operational excellence • Quality & Precision Focused: • Proactive Hunter: You don't wait for alerts—you actively seek threats and continuously question assumptions • Proactive Hunter: • Data-Driven: You use metrics and data analysis to drive decisions, measure impact, and communicate value • Data-Driven:
Responsibilities
• 1. Detection Engineering & Platform Leadership (40%) • Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP) • Lead detection strategy and architecture aligned with the Detection Quality frameworks • Write high-fidelity detection rules using languages like SIGMA and YARA-L • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage • Conduct detection gap analysis to identify coverage opportunities across the kill chain • Create and maintain detection playbooks, runbooks, and comprehensive documentation • Perform detection quality assessments and continuous improvement initiatives • 2. Security Automation (SOAR) & Response Leadership (40%) • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms) • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics • Develop automated containment actions (account disable, host isolation, firewall rule updates) • Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency • Handle Incident Response processes and procedures as needed • 3. Threat Hunting Co-Leadership & Execution (20%) • Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning • Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms • Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity • Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor • Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns
Benefits
• High-Impact Leadership Role: Own critical security capabilities (detection, automation, hunting) with direct organizational impact • High-Impact Leadership Role: • Greenfield Opportunities: Architect and build SOAR platform from the ground up and lead major SIEM migration efforts • Greenfield Opportunities: • Technical Depth: Solve complex problems at scale with Modern security stack • Technical Depth: • Scale & Complexity: Protect a critical platform serving enterprise customers with sophisticated threats • Scale & Complexity: • Autonomy & Influence: Shape security architecture decisions, tool evaluations, and team direction • Autonomy & Influence: • Growing Team: Join a growing team with clear structure, specialized roles, and growth trajectory • Growing Team: • Balance & Variety: Split time between strategic architecture (detection, SOAR) and hands-on execution (hunting, investigation) • Balance & Variety: • Innovation Culture: Implement detection-as-code, automation-as-code, and data-driven security practices • Innovation Culture: • Important notice: We are an AI-driven company and actively use AI tools in our day-to-day work. However, the use of AI tools during the interview process is not permitted. Interviews are designed to assess your individual skills and thinking. If we determine that a candidate is using AI assistance to answer interview questions, this may result in disqualification from the hiring process. • Important notice: • AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination. • In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works. • Recruiting Scams and Fraud • We at AlphaSense have been made aware of fraudulent job postings and individuals impersonating AlphaSense recruiters. These scams may involve fake job offers, requests for sensitive personal information, or demands for payment. Please note: • AlphaSense never asks candidates to pay for job applications, equipment, or training. • All official communications will come from an @alpha-sense.com email address. • If you’re unsure about a job posting or recruiter, verify it on our Careers page. • If you believe you’ve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please contact us. Your security and trust matter to us.
No credit card. Takes 10 seconds.