Lead Cybersecurity Defense Engineer
Position Overview
The Lead Cybersecurity Defense Engineer serves as the organization’s senior-most technical authority within the defensive security domain. This role is responsible for setting technical direction, architecting advanced defensive capabilities, and driving continuous improvement across detection engineering, incident response, and security operations engineering at an enterprise scale.
About the Role
This role leads the design of resilient, scalable, and threat-informed defensive controls aligned to real-world adversary behavior and organizational risk. The Defense Engineer IV partners closely with SOC leadership, security engineering, identity, cloud, infrastructure, and application teams to influence design decisions, close systemic gaps, and ensure defensive capabilities evolve alongside the threat landscape.
Responsibilities
Define and drive the enterprise detection engineering strategy aligned to real-world adversary behavior.
Architect advanced detection capabilities across platforms to ensure comprehensive, scalable coverage.
Establish standards for detection quality, fidelity, testing, and lifecycle management.
Ensure consistent and meaningful mapping of detections to the MITRE ATT&CK framework across the organization.
Translate threat intelligence, emerging attack techniques, and incident learnings into systemic defensive improvements.
Lead development of advanced response playbooks and decision frameworks for complex attack scenarios.
Act as the senior technical authority during high-impact or complex security incidents.
Guide response strategy, investigation approach, and containment decisions during major incidents.
Provide technical oversight of MSSP performance, detection coverage, and response effectiveness.
Influence SOC operating models, escalation criteria, and response workflows through technical leadership.
Represent defensive security expertise in cross-functional incident reviews and risk discussions.
Design and oversee advanced SOAR architectures and automation strategies at scale.
Define and report on program-level metrics such as MTTD, MTTR, and detection coverage maturity.
Mentor senior engineers and SOC leaders through technical coaching and design reviews.
Influence defensive tooling selection, architecture decisions, and long-term capability investments.
Ensure documentation, standards, and engineering practices support long-term scalability and resilience.
Requirements
Bachelor's or Master’s degree in Computer Science or related field.
10+ years of experience IT.
7+ technical cybersecurity experience (3+ years incident response and/or detection engineering and 3+ years in cybersecurity engineering).
Expert level knowledge of detection engineering and incident response.
At least 1 expert level cybersecurity certification such as CISSP, CASP, CCSP, etc.
Qualifications
Target Pay Range: $115,000 – $167,500 annually
This position has a target starting salary range of $115,000 – $167,500 annually. Actual pay is determined by a variety of factors, including but not limited to, qualifications, education, job-related skills, relevant experience, and geographic location.