Jobs · Information Technology · Massachusetts

Security Detection Engineer

WHOOP · Boston, MA · 2 wk ago
On-siteInformation Technology$130k–$170k/yrFull-time

Responsibilities

  • Design, build, and scale high-signal detections across cloud, identity, endpoint, network, and application layers using Detection-as-Code principles.
  • Develop and maintain detection logic aligned to real-world attacker behavior and frameworks such as MITRE ATT&CK across modern security platforms.
  • Translate threat intelligence into actionable detections and validate effectiveness through adversary emulation and testing.
  • Build behavioral detections to protect against threats such as account takeover, credential abuse, API misuse, automation attacks, privilege escalation, and data exfiltration.
  • Continuously improve detection quality by tuning alerts, reducing false positives, and implementing automated enrichment and triage.
  • Define and track detection KPIs (e.g., precision, recall, false positive rate, MTTD) and implement processes to measure and improve detection health.
  • Support and lead incident investigations, including containment, root cause analysis, and post-incident detection improvements.
  • Contribute to the on-call rotation while proactively reducing operational overhead through automation.
  • Partner with Engineering, IT, Infrastructure, Product, and GRC to ensure systems launch with strong monitoring and detection coverage.
  • Map detections to threat models, identify visibility gaps, and continuously improve coverage as the environment scales.
  • Explore and apply advanced analytics and machine learning techniques to improve detection fidelity, reduce noise, and enhance triage and investigation workflows.
  • Stay ahead of evolving threats by researching emerging attack techniques and incorporating learnings into detection strategy.

Qualifications

  • 4+ years of hands-on experience in Information Security, with a focus on detection engineering, threat detection, or security operations.
  • Demonstrated experience writing and tuning detections across cloud, identity, endpoint, or application environments.
  • Familiarity with detection frameworks and tooling such as YARA, SIGMA, Suricata, or similar rule-based detection methodologies.
  • Strong understanding of attacker techniques across identity compromise, cloud abuse, lateral movement, and data exfiltration.
  • Expertise analyzing and building detections on cloud and SaaS telemetry, including authentication events, API activity, and system logs.
  • Strong scripting skills in a scripting language such as Python, Go, or PowerShell for automation and tool development.
  • Ability to operate effectively in a fast-paced, high-growth environment.
  • Strong analytical mindset with a systems-thinking approach to reducing noise and increasing signal fidelity.
  • Experience supporting incident response investigations and participating in on-call rotations.
  • Experience building detective controls for consumer-facing platforms or detecting authentication and API abuse at scale is a strong plus.
  • Effective communicator who can collaborate with engineers and explain detection strategy clearly to both technical and non-technical stakeholders.
  • Experience applying data analysis or machine learning techniques to security detection or alert triage is a plus.
  • Bachelor’s degree in Computer Science, Information Security, or a related technical field, and/or relevant security certifications are a plus.

Similar jobs

Detection Engineer

NelnetUnited States· 3 wk ago
RemoteEngineering$100k–$110k/yrapply on nelnet.wd1.myworkdayjobs.com

Detection Engineer

Tempus AIChicago, IL· 2 wk ago
Engineering$100k–$140k/yrapply on tempus.wd5.myworkdayjobs.com

Detection Engineer

Accenture Federal ServicesArlington, VA· 2 wk ago
Information Technology$91k–$221k/yrapply on boards.greenhouse.io

Detection Engineer

Electronic Arts (EA)Orlando, FL· 1 wk ago
Engineeringapply on jobs.ea.com