Detection Engineer

Come join Deepwatchs team of world-class cybersecurity professionals and the brightest minds in the industry. If youre ready to challenge yourself with work that matters then this is the place for you. Were redefining cybersecurity as one of the fastest growing companies in the U.S. and we have a blast doing it!

Who We Are

Our core values drive everything we do at Deepwatch including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch every decision process and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values we create a culture of excellence that is dedicated to empowering our team members to explore their potential expand their skill sets and achieve their career aspirations which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

• and 2021 Great Place to Work Certified
• 2024 Military Times Best for Vets Employers
• 2024 US Department of Labor Hire Vets Gold Award
• 2024 Forbes Americas Best Startup Employers
• 2024 Cyber Defense Magazine Global Infosec Awards
• 2023 and 2022 Fortress Cybersecurity Award
• 2023 $180M Series C investment from Springcoast Capital Partners Splunk Ventures and Vista Credit Partners of Vista Equity Partners
• 2022 Cybersecurity Excellence Award for MDR

Position Summary

Deepwatch is seeking a Detection Engineer to join our Threat Detection & Research team and help strengthen detection capabilities across customer environments. Reporting to the Sr. Manager Threat Detection & Research this role is responsible for developing tuning validating and optimizing cybersecurity detections that improve visibility into evolving threats and enhance the effectiveness of our MDR operations.

This role is ideal for a cybersecurity professional with strong analytical skills hands-on SIEM experience and a passion for threat detection engineering. You will work closely with Security Operations Threat Research Customer Success and Engineering teams to improve alert fidelity reduce false positives and ensure high-quality detection coverage aligned to modern attacker behaviors and customer security priorities.

In this role youll get to:

• Develop and document new Detection Capabilities for customer environments
• Work with customers to develop a comprehensive strategy for effective detections
• Leverage industry frameworks such as MITRE ATT&CK Framework for customer-facing alert improvement roadmap
• Apply knowledge of common detection tools (Azure logging command line logging etc.) to advise customers on logging capabilities to expand applicable detection library
• Confidently prioritize log sources for ingestion and enablement
• Evaluate current monitoring and detection capabilities to identify areas for improvement
• Conduct Detection Gap Analyses
• Manage detection capabilities to ensure appropriate coverage effective operation and adherence to Deepwatch standards
• Detection Enablement
• Detection Effectiveness (Tuning Validation etc.)
• Detection Creation
• Onboard assigned customers establishing baseline detection coverage and detection enablement plan post onboarding
• Ensure ingested log sources conform to CIM standards

To be successful in this role youll need:

• 35 years of experience in cybersecurity detection engineering threat detection or security operations
• Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
• Experience working and querying SIEM tools or other log-based data preferably Splunk
• Experience in engineering event detection & response tuning
• Ability to engineer creative scalable and out-of-the-box solutions
• Up to date with engineering best practices security technology trends tools and frameworks
• Experience in developing detections for attacker tactics techniques and procedures (TTPs)
• Able to both investigate and create security rules in at least 1 SIEM
• Understanding of general enterprise network architecture and security incident response
• Understanding of common enterprise technologies and logging capabilities including Cloud IDS/IPS Firewalls Active Directory Anti-Virus/EDR Proxies and Email Gateway
• Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain and NIST)
• Ability to communicate and document technical information effectively towards various audiences

Why Deepwatch

• Mission-driven company focused on protecting customers from threats 24/7
• Hybrid work model in India with access to collaborative office space in Bangalore
• High-impact leadership role with strong visibility across Product & Engineering
• Competitive compensation equity and benefits
• A company recognized as a Great Place to Work for five consecutive years
• Opportunity to shape the future of cybersecurity and AI-driven platforms