[Remote] Senior Detection Engineer (SIEM / Security Observability)

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA.

Keeper Security is seeking a Senior Detection Engineer to advance detection engineering, SIEM operations, and security telemetry across a globally distributed, cloud-native environment. The role focuses on building and operating detection capabilities to enhance security visibility and operational readiness.

Responsibilities

  • Design, build, and maintain detection and telemetry capabilities across Datadog, SentinelOne, and Wiz
  • Develop, test, and tune high-fidelity detection rules aligned to real-world attack scenarios and adversary behaviors
  • Continuously improve alert quality by reducing false positives, eliminating noise, and increasing detection accuracy
  • Implement and mature detection-as-code practices for scalable, version-controlled, and testable rule management
  • Define and enforce logging, telemetry, and instrumentation standards across cloud infrastructure, applications, endpoints, and identity systems
  • Build and optimize log ingestion, parsing, normalization, enrichment, and retention pipelines
  • Automate onboarding of new data sources and improve telemetry coverage across production and corporate environments
  • Correlate signals across SIEM, EDR, cloud, identity, and security tooling to improve detection depth and investigation quality
  • Partner with Security Operations to improve triage workflows, incident response readiness, and escalation quality
  • Build dashboards, analytics, and reporting that support operational decision-making across Security, SRE, and Engineering
  • Map and maintain detection coverage against MITRE ATT&CK and help identify visibility gaps
  • Perform detection gap assessments and evolve use cases based on threat intelligence, threat hunting, and emerging risks
  • Collaborate with cloud, infrastructure, product, and compliance teams to strengthen secure logging and observability patterns throughout the software development lifecycle

Skills

  • 5–8+ years of experience in detection engineering, SIEM engineering, security engineering, or security observability
  • Hands-on experience with SIEM, security analytics, or observability platforms, such as Datadog, SentinelOne, Splunk, Microsoft Sentinel, Elastic, or similar tools
  • Experience building, tuning, and maintaining detection rules, correlation logic, and alerting workflows
  • Strong understanding of security telemetry across cloud, endpoint, identity, and application environments
  • Experience with log parsing, normalization, enrichment, and pipeline management
  • Strong knowledge of cloud environments, with AWS preferred
  • Proficiency in scripting or automation using Python, PowerShell, or similar
  • Solid understanding of modern detection strategies, attacker behaviors, and the MITRE ATT&CK framework
  • Ability to work cross-functionally with Security Operations, Engineering, Infrastructure, and SRE teams
  • Experience with Datadog Cloud SIEM, SentinelOne, Wiz, or similar modern security platforms
  • Experience with observability concepts including logs, metrics, traces, and instrumentation
  • Experience with SOAR, workflow automation, or response orchestration
  • Familiarity with Sigma or other detection-as-code frameworks
  • Experience in high-scale SaaS, cloud-native, or security product environments
  • Familiarity with zero-trust architectures, identity-centric security, and privileged access management

Benefits

  • Medical, Dental & Vision (inclusive of domestic partnerships)
  • Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
  • Voluntary Short/Long Term Disability Insurance
  • 401K (Roth/Traditional)
  • A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
  • Above market annual bonuses

Company Overview

  • Keeper Security is transforming cybersecurity for millions of individuals and thousands of organizations globally. It was founded in 2011, and is headquartered in Chicago, Illinois, USA, with a workforce of 501-1000 employees. Its website is https://www.keepersecurity.com.