Senior SIEM Detection Engineer

AHEAD builds platforms for digital business.

By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard.

We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.

We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.

We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

The Managed Security Team at AHEAD monitors client environments and performs incident detection, validation, and reporting.

The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high‑fidelity detection content within our cloud-based SIEM solutions, and for driving continuous improvement of AHEAD’s Managed Security detection capabilities across all clients.This is a technical, hands-on position that requires a strong understanding of the needs of a 24/7 Security Operations Center (SOC).

We are looking for a candidate with deep SIEM, security operations, and detection engineering experience who will work closely with the Managed Security staff and other highly technical teams, both within AHEAD and in client environments, to continuously improve and enhance AHEAD’s Managed Security SIEM detection strategy, rules, and content.The ideal candidate possesses strong technical and analytical skills and can provide accurate analysis of security-related problems.

They have a well-rounded networking and infrastructure background and are responsible for troubleshooting detection- and data-related issues in client environments.

This individual is user-focused and works to resolve client needs in a timely manner.

These needs may involve improving or tuning detections, investigating and responding to security threats, and making change requests to security policies and data collection configurations.The Sr SIEM Detection Engineer is responsible for the day-to-day management and evolution of SIEM detection content used by the Managed Security Team to monitor client environments and detect security threats, including: data ingestion and normalization strategy, enrichment design, detection use case creation and tuning, alert quality and noise reduction, and detection performance monitoring.

The Sr SIEM Detection Engineer is expected to be familiar with a wide range of security tools and understand core security detection and threat analysis fundamentals.Roles and Responsibilities Lead and perform detection content development within the SIEM platform (Elastic, Palo XSIAM, Crowdstrike), including:Creation, tuning, and lifecycle management of detection rules, correlation rules, and analytic stories/use casesDefinition and maintenance of data models, normalization, and enrichment required to support high‑quality detectionsMapping detections to frameworks such as MITRE ATT&CK where applicableIdentify gaps in detection coverage based on incident trends, threat intelligence, and hunt activitiesReduce false positives and improve alert signal‑to‑noise ratio through iterative tuningTranslate playbooks and incident response workflows into robust, testable detection.

Monitor and manage the health and performance of SIEM detection content, including:Tracking detection firing patterns, volumes, and performance impact.

Conducting post-incident reviews to refine detections and create new coverage.Ensuring detections remain aligned with client use cases, risk profiles, and contracted scope.New and existing detections are prioritized based on risk, impact, and available dataPartner with AHEAD Managed Security and client resources in the design and implementation of new data visualizations and detection rules, including:Building dashboards, visualizations, and investigative views that support triage and huntingCollaborate with AHEAD Managed Security SOAR (Swimlane) engineering resources to:Integrate SIEM detections with SOAR workflows for enrichment, triage, and responseContinuously improve incident investigation workflows and automation quality based on detection outputEngage with client security and IT infrastructure teams for new data source onboarding activities, including:Defining logging, parsing, normalization, and enrichment requirements to support current and planned detectionsValidating that ingested data is complete, normalized, and usable for detection engineeringTune rules, filters, and policies across SIEM and related security technologies (IDS, EDR, firewalls, etc.) to:Improve accuracy, visibility, and coverage while minimizing noiseEnsure consistent correlation and context across multiple technologiesPerform data mining and exploratory analysis of log sources to:Uncover and investigate anomalous activity and potential undetected attack patternsIdentify new detection opportunities and support proactive threat huntingAssist with the development and improvement of processes and procedures for:Detection lifecycle management (design, testing, deployment, monitoring, retirement)Improving incident response times, incident quality, and overall Managed Security functionsParticipate in client-facing security meetings to:Explain detection strategy, coverage, and improvementsPosition RequirementsExperience with Elastic Security and its core components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent), with a focus on detection engineering, rule creation, and data modelingStrong SIEM administration and configuration experience, particularly around detection use cases, correlation logic, and alert workflowsExperience writing tools or scripts to automate detection-related tasks, data quality checks, and integrations in Python or similar languagesDemonstrated ability to think creatively and build elegant detection solutions to complex security problemsExcellent verbal and written communication skills, including the ability to communicate detection logic and findings to both technical and non‑technical stakeholdersIncident handling/response experience, with a focus on using detections to support and improve IR workflowsDesire to work both independently and collaboratively with a larger managed services and client teamA strong appetite for learning, experimentation, and continuous improvement in detection engineering2–4 years of experience in Security Detection Engineering, Security Automation, or related disciplinesHands-on experience with common security technologies: IDS, Firewall, SIEM, SOAR, EDR, endpoint and network security toolsKnowledge of common security analysis tools & techniques, including log analysis, correlation, and anomaly detectionUnderstanding of common security threats, attack vectors, vulnerabilities, and exploits, and how they manifest in telemetryStrong regular expression skills and familiarity with query languages used in SIEM platformsCustomer service focused and portrays energy, professionalism, and welcoming characteristicsStrong ability to work in a highly sensitive and confidential environmentAbility to meet deadlines and perform effectively under pressureAbility to identify issues and help develop strategic and tactical plans for Managed Security and detection-related initiativesAbility to use good judgment and decision-making skills in ambiguous or complex detection and incident scenariosEducation and CertificationsBachelor’s Degree in Computer Science, Information Security, or related/equivalent educational or work experienceOne or more of the following certifications is preferred: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified EngineerThe compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount.

This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.

Why AHEAD:Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.USA Employment Benefits include: - Medical, Dental, and Vision Insurance - 401(k) - Paid company holidays - Paid time off - Paid parental and caregiver leave - Plus more! See benefits https://www.aheadbenefits.com/ for additional details.

Use of AI:We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews.

These tools assist our recruitment team but do not replace human judgment.

Final hiring decisions are ultimately made by humans.If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at privacy@ahead.com.

You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application.

Please include the role you wish to apply for in the Additional Information field.

You may also choose to opt-out of recording and transcription at any time, including after joining an interview.

Candidates will not be penalized for choosing to opt-out.Originally posted on Himalayas