Requirements
- 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
- Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
- Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
- Proven experience designing and implementing SOAR platform architecture from concept to production
- Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
- Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
- Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
- Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
- Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
- Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
Nice to Have
- Experience with YARA-L
- Deep familiarity with Detection Frameworks and detection engineering quality frameworks
- Proven track record implementing SOAR platforms from architecture through operationalization, with experience evaluating multiple platforms
- Advanced knowledge of CrowdStrike Falcon platform including custom IOA rules
- Background in purple team activities, adversary emulation, or red teaming
- Experience with CI/CD practices for detection-as-code and automation-as-code
- Contributions to open-source security projects or security certifications (GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent)
- Knowledge of security data lakes (Snowflake, BigQuery) and experience with threat intelligence platforms (TIP)
- Published research, blog posts, or conference presentations on detection engineering, automation, or threat hunting topics
Additional Information
- Recruiting scams warning: AlphaSense never asks candidates to pay for job applications, equipment, or training. All official communications come from @alpha-sense.com email addresses. Verify job postings on the Careers page.
- Reasonable accommodation provided to qualified employees with protected disabilities as required by law.
- Equal opportunity employer: AlphaSense does not discriminate based on race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor.
