Detection Engineer (100% Remote)

Tuple

Our Client - Insurance company

  • Remote
$85.00 - $91.87/hour
Exact compensation may vary based on skills, experience, and location.
40 hrs/wk
Contract (w2)
Remote work yes (100%)
Travel not required
Start date
April 16, 2026
End date
April 16, 2027
Superpower
Technology
Capabilities
IT Security and Governance
Preferred skills
Security Information And Event Management (SIEM)
Infrastructure as Code (IaC)
GIAC Certified Incident Handler
GIAC Certifications
Cyber Threat Hunting
Parsing
Terraform
Python (Programming Language)
Splunk
Endpoint Security
Git (Version Control System)
Docker (Software)
Collaboration
Incident Response
Backlogs
Agile Methodology
Peer Review
Data Modeling
Google Cloud Platform (GCP)
Preferred industry experience
Insurance
Experience level
5 - 8 years of experience

Job description

Our customer is a large United States insurance company that is backed by more than 100 years of experience and provides insurance products and services for businesses and professionals in the United States, Canada and Europe. Headquartered in Chicago, IL, they have more than 20 US locations.


We are seeking a contract Detection Engineer to support our Customer's business needs. This role is 100% remote.



Responsibilities:

  • Design, build, test, and maintain high-fidelity detection content within SIEM environments
  • Implement Detection-as-Code practices, including version control, peer review, CI/CD pipelines, and automated validation
  • Develop and tune detection logic aligned to MITRE ATT&CK techniques and adversary behaviors
  • Plan and execute purple team exercises and threat emulation using ATT&CK-driven methodologies
  • Measure detection coverage and response effectiveness; translate findings into actionable improvements
  • Partner with SOC, incident response, and platform teams to improve alert quality, workflows, and escalation processes
  • Define logging strategies, onboard new data sources, and implement parsing, normalization, and enrichment standards
  • Operate within Agile/SAFe frameworks, managing backlogs, user stories, and sprint deliverables
  • Define and track detection metrics such as coverage, false positives, and mean time to detect
  • Communicate risk, findings, and outcomes to both technical and non-technical stakeholders
  • Document detections, procedures, runbooks, and knowledge artifacts for scalability and repeatability


Skills and Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field, or equivalent experience
  • Strong experience in detection engineering and security analytics within SIEM platforms (preferably Splunk ES)
  • Proficiency in SPL, data models, field extraction, lookups, and enrichment
  • Deep understanding of MITRE ATT&CK, adversary TTPs, and detection mapping
  • Experience in threat hunting and incident investigations across endpoint, identity, network, and cloud telemetry
  • Familiarity with frameworks such as Cyber Kill Chain, Diamond Model, and OODA loop
  • Experience with EDR tools such as CrowdStrike Falcon or similar platforms
  • Strong knowledge of endpoint security, attacker techniques, and investigation workflows
  • Proficiency in Python for automation, log parsing, and analytics
  • Experience with Git and developer workflows (branching, pull requests, reviews)
  • Familiarity with CI/CD pipelines applied to security content
  • Working knowledge of cloud environments (preferably Google Cloud), containers (Docker), and Kubernetes
  • Experience with infrastructure-as-code tools such as Terraform and configuration tools like Ansible
  • Strong collaboration skills and experience working in Agile environments
  • Excellent communication skills with the ability to translate technical insights into business impact

Preferred Qualifications:

  • Experience with Risk-Based Alerting (RBA) in Splunk
  • Experience with breach-and-attack simulation or continuous validation platforms
  • Knowledge of web application security (OWASP principles)
  • Experience designing data onboarding standards and enrichment pipelines
  • Experience mentoring or leading detection engineering practices

Preferred Certifications:

  • Splunk certifications (Core, Power User, Admin, or ES-focused)
  • MITRE ATT&CK training (Detection Engineering, SOC Assessments, Purple Teaming)
  • Cloud certifications (e.g., Google Cloud)
  • Security certifications such as GCIH, GCIA, CISSP, or Security+
  • Agile/SAFe certification (preferred)



We offer a competitive salary range for this position. Most candidates who join our team are hired at the median of this range, ensuring fair and equitable compensation based on experience and qualifications.


Contractor benefits are available through our 3rd Party Employer of Record (Available upon completion of waiting period for eligible engagements)

Benefits include: Medical, Dental, Vision, 401k.


An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.


All applicants applying for U.S. job openings must be legally authorized to work in the United States and are required to have U.S. residency at the time of application.

If you are a person with a disability needing assistance with the application, or at any point in the hiring process, please contact us at support@themomproject.com.