"Alerted.org

Job Description

We are seeking a highly experienced Senior Detection Engineer to lead the development and optimization of advanced threat detection and response capabilities across endpoint, identity, cloud, SaaS, and OT/xOT environments. This role requires deep expertise in the CrowdStrike ecosystem (Falcon Endpoint, Next-Gen SIEM, Identity Protection (IDP), FUSION), SOAR platforms, and cloud security. You will serve as the CrowdStrike SME—owning sensor deployment, troubleshooting, automation, and query development—while partnering with SOC, Cloud, Infrastructure, and Application teams to measurably reduce risk and drive secure architecture and engineering initiatives. This employee will need to work US hours, specifically 8AM-5PM EST.

Key Responsibilities

• Own CrowdStrike detections—author, test, and tune in Falcon/Next‑Gen SIEM/FUSION; leverage IDP for identity attacks.

• Hunt and validate using FQL/CQL; measure detection fidelity and reduce false positives.

• Build cloud detections for AWS/Azure/GCP and integrate cloud‑native logs and controls.

• Engineer the telemetry pipeline with Cribl: normalize, enrich, and route data to SIEM.

• Operate the CrowdStrike stack end‑to‑end: sensor deployment/health, telemetry gaps, escalations; engage CrowdStrike support.

• Design SOAR automations and safe containment to shrink MTTD/MTTR; integrate with IR/compliance workflows.

• Translate MITRE ATT&CK and threat models into prioritized detection use cases and playbooks.

• Partner with Infra/Cloud/SOC to harden endpoints, identity, and M365/SaaS security configurations.

• Lead OT/xOT visibility and low‑impact rollout of detections where applicable.

• Mentor engineers/analysts and maintain standards, runbooks, and incident playbooks.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Skills and Requirements

• 5+ years in detection engineering, threat hunting, or security operations.

• Endpoint & identity detection expertise—CrowdStrike Falcon/IDP preferred—plus strong proficiency in modern SIEMs (e.g., Splunk, Microsoft Sentinel, CrowdStrike “Next‑Gen SIEM”) and SOAR.

• Cloud security across AWS and/or Azure, including secure architecture and workload protections.

• Detection engineering & automation: rule authoring/tuning, query languages (FQL/CQL, KQL, SPL), and scripting (Python/PowerShell).

• Telemetry engineering & troubleshooting: sensor/agent health and log pipelines (e.g., Cribl or similar) to ensure reliable, high‑fidelity detections. • Familiarity with MITRE ATT&CK, NIST 800‑53, and modern detection frameworks.

• Expertise in data pipeline optimization (Cribl or similar) for log normalization and enrichment.

• Strong background in endpoint and identity security (EDR/XDR, MFA, Conditional Access).

• Knowledge of DevSecOps practices: integrating SAST/DAST/SCA into CI/CD and detection‑as‑code workflows.

• Experience with SaaS security posture management and UEBA for cloud apps.

• Exposure to OT/xOT security and industrial network monitoring.

• Certifications such as CISSP, GIAC (GDSA/GMON/GCIA), OSCP, CCSK/CCSP, or vendor‑specific cloud/security certs.

• Familiarity with AI/ML security concepts and adversary emulation techniques.

• Threat intelligence integration: correlating IOCs, leveraging TI platforms, and supporting proactive detection.

• Secure API design and testing aligned with OWASP API Top 10.