Security Detection Engineer
WHOOP · Boston, MA · 2 wk ago
On-siteInformation Technology$130k–$170k/yrFull-time
Responsibilities
- Design, build, and scale high-signal detections across cloud, identity, endpoint, network, and application layers using Detection-as-Code principles.
- Develop and maintain detection logic aligned to real-world attacker behavior and frameworks such as MITRE ATT&CK across modern security platforms.
- Translate threat intelligence into actionable detections and validate effectiveness through adversary emulation and testing.
- Build behavioral detections to protect against threats such as account takeover, credential abuse, API misuse, automation attacks, privilege escalation, and data exfiltration.
- Continuously improve detection quality by tuning alerts, reducing false positives, and implementing automated enrichment and triage.
- Define and track detection KPIs (e.g., precision, recall, false positive rate, MTTD) and implement processes to measure and improve detection health.
- Support and lead incident investigations, including containment, root cause analysis, and post-incident detection improvements.
- Contribute to the on-call rotation while proactively reducing operational overhead through automation.
- Partner with Engineering, IT, Infrastructure, Product, and GRC to ensure systems launch with strong monitoring and detection coverage.
- Map detections to threat models, identify visibility gaps, and continuously improve coverage as the environment scales.
- Explore and apply advanced analytics and machine learning techniques to improve detection fidelity, reduce noise, and enhance triage and investigation workflows.
- Stay ahead of evolving threats by researching emerging attack techniques and incorporating learnings into detection strategy.
Qualifications
- 4+ years of hands-on experience in Information Security, with a focus on detection engineering, threat detection, or security operations.
- Demonstrated experience writing and tuning detections across cloud, identity, endpoint, or application environments.
- Familiarity with detection frameworks and tooling such as YARA, SIGMA, Suricata, or similar rule-based detection methodologies.
- Strong understanding of attacker techniques across identity compromise, cloud abuse, lateral movement, and data exfiltration.
- Expertise analyzing and building detections on cloud and SaaS telemetry, including authentication events, API activity, and system logs.
- Strong scripting skills in a scripting language such as Python, Go, or PowerShell for automation and tool development.
- Ability to operate effectively in a fast-paced, high-growth environment.
- Strong analytical mindset with a systems-thinking approach to reducing noise and increasing signal fidelity.
- Experience supporting incident response investigations and participating in on-call rotations.
- Experience building detective controls for consumer-facing platforms or detecting authentication and API abuse at scale is a strong plus.
- Effective communicator who can collaborate with engineers and explain detection strategy clearly to both technical and non-technical stakeholders.
- Experience applying data analysis or machine learning techniques to security detection or alert triage is a plus.
- Bachelor’s degree in Computer Science, Information Security, or a related technical field, and/or relevant security certifications are a plus.