Senior Threat Detection Engineer

Job Description: • Design, implement, and tune detection rules and logic across SIEM, EDR, and cloud platforms. • Develop and maintain threat detection use cases based on MITRE ATT&CK and other frameworks. • Perform threat hunting and anomaly detection using behavioral analytics and telemetry. • Collaborate with IAM, Data Protection, cloud security, and engineering teams to improve detection coverage. • Analyze threat intelligence and integrate findings into detection strategies. • Directly monitor, test, and calibrate detection use cases; analyze data to minimize false positives and maximize actionable alerts—proposing and executing code changes to achieve measurable improvements. • Lead purple team exercises and detection validation efforts. • Maintain technical documentation by directly managing the materials and summaries of your own work and solutions, and by actively communicating updates to stakeholders. • Develop use-cases based on intelligence, red team results, and incident data • Write detection and correlation rules to identify threats across our stack • Assist in onboarding logs and identifying gaps in logs or alert results • Develop a deep understanding of data models, macros, indexes, sources, and field alias and the technology foundation our detection stack is built • Understand data schema/API standards, automation, and messaging systems • Bring a metric-driven mindset to our rules, signals (IOCs), and alerts • Other duties as assigned, we are one family and help each other. Requirements: • 5+ years of professional experience in two or more domains, including: detection engineering, data engineering, incident response, threat hunting, threat intelligence • Refine, validate and exercise our Threat Detection and Response Programs. • Ability to measure detection coverage across common frameworks (e.g. NIST CSF, MITRE, KC) and simplify rules and configurations to optimize alerts • Develop detection techniques to protect our evolving environment. • Ability to automate tasks via scripting, automating inputs and outputs of APIs, and programming skills such as python to enable detection engineering tasks • Exceptional interpersonal, organizational, and communication skills and ability to internalize and exemplify Lantern’s LIGHT Values. • Experience in healthcare or regulated industries. • Certifications such as GCDA, GCTI, OSCP, or similar. • Experience with Sigma rules, YARA, and threat modeling. • Hands-on technical contributor with demonstrated ability to execute and deliver engineering projects impacting security posture in complex and fast-changing environments. • Experience designing, coding, and deploying security solutions, comfortable with Python and at least one of: Java, Go, C++, JavaScript, Rust, SQL, or TypeScript. • Practical skills with security tools and scripting: you design, build, and maintain solutions, not just click in a UI. • Experience writing or refining detection logic for SIEM, EDR, NDR, WAF, or similar, and a record of tuning signals and controls for high fidelity and low noise through real-world testing and iteration. • Proven ability to analyze and defend modern cloud and on-premises environments: you know how to break and fix systems, leveraging tools like CloudTrail, Security Hub, etc. • Track record of hands-on threat hunting and incident response, using your engineering skill to create new detections and automate investigation processes. • In-depth knowledge of attacker TTPs and a technical mindset for designing countermeasures that can be implemented and measured. • Thrives in a team environment, supporting and mentoring peers with your engineering experience, and eager to tackle the next technical challenge. Benefits: • Medical Insurance • Dental Insurance • Vision Insurance • Short & Long Term Disability • Life Insurance • 401k with company match • Paid Time Off • Paid Parental Leave Apply tot his job