Senior Detection Engineer - Remote

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. 

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

  • 2023, 2022 and 2021 Great Place to Work® Certified
  • 2023 and 2022 Forbes America’s Best Startup Employers
  • 2023 and 2022 Fortress Cybersecurity Award
  • 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
  • 2022 Cigna Healthy Workforce Silver Designation
  • 2022 Cybersecurity Excellence Award for MDR

Position Summary:

Senior Detection Engineer

Reporting to the Manager, Detection Engineering the Senior Detection Engineer will serve as a subject matter expert in cybersecurity detections. This individual will participate in cybersecurity detection strategy, creation, tuning, validation, and correlation to ensure that Deepwatch customers have effective detections in place against an ever-changing threat landscape. Deepwatch Senior Detection Engineers perform a wide array of tasks in an effort to increase alert fidelity, reduce false positives, and better inform MDR Security Analysts within their squad. 

Senior Detection Engineers have a direct impact on customer security posture over time by increasing the operational efficiency and effectiveness of MDR Security Analysts and by aligning efforts with customer security priorities.

In this role, you’ll get to:

  • Develop and document new Detection Capabilities for customer environments
  • Work with customers to develop a comprehensive strategy for effective detections 
    • Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
    • Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
    • Confidently prioritize log sources for ingestion and enablement
  • Evaluate current monitoring and detection capabilities to identify areas for improvement
    • Conduct Detection Gap Analyses 
  • Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
    • Detection Enablement
    • Detection Effectiveness (Tuning, Validation, etc.)
    • Detection Creation
  • Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
  • Ensure ingested log sources conform to CIM standards
  • Participate in training and mentoring of new hires

To be successful in this role, you’ll need:

  • Experience working and querying SIEM tools or other log-based data
  • Experience in engineering event detection & response tuning
  • Ability to engineer creative, scalable, and out-of-the-box solutions
  • Up to date with engineering best practices, security technology trends, tools, and frameworks
  • Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
  • Able to both investigate and create security rules in at least 1 SIEM
  • Understanding of general enterprise network architecture and security incident response
  • Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
  • Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
  • Ability to communicate and document technical information effectively towards various audiences
  • Ability to mentor other detection engineers

ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

  • A citizen of the U.S.;
  • A lawful permanent resident of the United States; 
  • A person admitted to the United States as a refugee; or
  • A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.

Statutory Pay Disclosure:

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $125,000 to $180,000 + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.


What We Offer:

Deepwatch is excited to provide benefits designed to support team members and their families. Including:

  • Medical, dental, vision, and disability insurance
  • Flexible Time Off (FTO), 9 company holidays, sick leave and 8-Weeks Paid Parental Leave
  • Unique professional development benefits, starting at $3,000 annually
  • Wellness contests and monthly educational programs
  • 401(K) retirement program with employer match
  • Learn more here: Deepwatch Benefits

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.  Please review our DEI Statement here.

Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact for further information.

All Deepwatch employees are expected to:

  • Be interested in and able to work remotely from a home office when not at a corporate office
  • Pass a pre-employment background and drug screen in accordance with applicable laws

Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.  In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information. 


Job Profile


Annual professional development benefit Professional development benefit Unique annual professional development benefit


Architecture Azure Azure logging Command line logging Cybersecurity Incident Response MITRE ATT&CK Framework Security Operations SIEM Splunk

  • Advise on logging capabilities
  • Conduct Detection Gap Analyses
  • Detection Creation
  • Detection Effectiveness
  • Detection Enablement
  • Develop detection strategy
  • Develop new Detection Capabilities
  • Evaluate monitoring capabilities
  • Leverage industry frameworks
  • Manage detection capabilities
  • Onboard customers
  • Prioritize log sources
  • Training