[Remote] Senior Detection Engineer (SIEM / Security Observability)

Remote Full-time
Note: This is a remote position open to candidates in the USA.

Keeper Security is seeking a Senior Detection Engineer to advance detection engineering, SIEM operations, and security telemetry across a globally distributed, cloud-native environment. The role focuses on building and operating detection capabilities that enhance security visibility and operational readiness.

Responsibilities

- Design, build, and maintain detection and telemetry capabilities across Datadog, SentinelOne, and Wiz
- Develop, test, and tune high-fidelity detection rules aligned to real-world attack scenarios and adversary behaviors
- Continuously improve alert quality by reducing false positives, eliminating noise, and increasing detection accuracy
- Implement and mature detection-as-code practices for scalable, version-controlled, and testable rule management
- Define and enforce logging, telemetry, and instrumentation standards across cloud infrastructure, applications, endpoints, and identity systems
- Build and optimize log ingestion, parsing, normalization, enrichment, and retention pipelines
- Automate onboarding of new data sources and improve telemetry coverage across production and corporate environments
- Correlate signals across SIEM, EDR, cloud, identity, and security tooling to improve detection depth and investigation quality
- Partner with Security Operations to improve triage workflows, incident response readiness, and escalation quality
- Build dashboards, analytics, and reporting that support operational decision-making across Security, SRE, and Engineering
- Map and maintain detection coverage against MITRE ATT&CK and help identify visibility gaps
- Perform detection gap assessments and evolve use cases based on threat intelligence, threat hunting, and emerging risks
- Collaborate with cloud, infrastructure, product, and compliance teams to strengthen secure logging and observability patterns throughout the software development lifecycle

Skills

- 5–8+ years of experience in detection engineering, SIEM engineering, security engineering, or security observability
- Hands-on experience with SIEM, security analytics, or observability platforms, such as Datadog, SentinelOne, Splunk, Microsoft Sentinel, Elastic, or similar tools
- Experience building, tuning, and maintaining detection rules, correlation logic, and alerting workflows
- Strong understanding of security telemetry across cloud, endpoint, identity, and application environments
- Experience with log parsing, normalization, enrichment, and pipeline management
- Strong knowledge of cloud environments, with AWS preferred
- Proficiency in scripting or automation using Python, PowerShell, or similar
- Solid understanding of modern detection strategies, attacker behaviors, and the MITRE ATT&CK framework
- Ability to work cross-functionally with Security Operations, Engineering, Infrastructure, and SRE teams
- Experience with Datadog Cloud SIEM, SentinelOne, Wiz, or similar modern security platforms
- Experience with observability concepts including logs, metrics, traces, and instrumentation
- Experience with SOAR, workflow automation, or response orchestration
- Familiarity with Sigma or other detection-as-code frameworks
- Experience in high-scale SaaS, cloud-native, or security product environments
- Familiarity with zero-trust architectures, identity-centric security, and privileged access management

Benefits

- Medical, Dental & Vision (inclusive of domestic partnerships)
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental Life
- Voluntary Short/Long Term Disability Insurance
- 401K (Roth/Traditional)
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.)
- Above-market annual bonuses

Company Overview

Keeper Security is transforming cybersecurity for millions of individuals and thousands of organizations globally. It was founded in 2011 and is headquartered in Chicago, Illinois, USA, with a workforce of 501-1000 employees. Its website is https://www.keepersecurity.com.
