CybersecurityJobs.io

Job Description

Calance US is seeking a Senior Cybersecurity Detection Engineer for an onsite role in Charlotte, NC. The position centers on SIEM-based detection engineering, data analysis, and algorithm development, with a focus on designing, deploying, and operationalizing detections across on‑prem, cloud, and SaaS environments.

Responsibilities

  • Develop and refine detections by crafting correlations and algorithms, and by writing Python scripts that leverage security telemetry and enterprise data sources.
  • Engage hands-on with SIEM and detection platforms such as Splunk or equivalent, configuring rules, optimizing alerts, and enhancing signal quality.
  • Analyze large data sets through database queries (SQL or similar) across multiple data sources to identify meaningful signals for detection.
  • Research threat scenarios and define required data sets in collaboration with Analysts, Focus Area Leads, and other subject-matter experts.
  • Onboard new data feeds by reviewing documentation, assessing readiness, documenting feed attributes, and supporting onboarding efforts.
  • Test and operationalize alerts through established team processes, including micro-playbook development and SOAR-related activities.
  • Investigate security events by examining raw data, validating detections, and understanding network, endpoint, and cloud behaviors.
  • Document detections, integrations, and processes clearly to ensure knowledge sharing across the team.
  • Continue expanding technical breadth in applied data analysis, detection engineering techniques, and emerging automation approaches.
  • Lead work on security problems or integrations from concept to deployment, ensuring practical implementation.
  • Write Python scripts to connect data sources, ingest data, build correlations, and generate actionable detections.
  • Understand the data underpinning detections, including what is populated, what is missing, and what requires improvement.
  • Collaborate effectively with a high-performing team, sharing knowledge and avoiding isolated workflows.
  • Deliver practical algorithms and tuned detections that improve enterprise security outcomes.

Requirements

  • 3–5 years of professional experience in cybersecurity, detection engineering, or a closely related technical role.
  • Hands-on experience with a SIEM, including authoring and tuning detection rules in Splunk or an equivalent platform.
  • Strong Python skills applied in real-world environments, not solely academic exposure.
  • Solid data analysis and querying experience, including SQL and handling large data sets.
  • Experience joining data, analyzing patterns, and assessing relevance for threat detection.
  • Solid understanding of network security fundamentals and how enterprise environments are defended.
  • Strong communication skills with the ability to clearly explain technical work to teammates.
  • A collaborative mindset, with success measured by team outcomes rather than individual visibility.

Technologies

  • Python
  • SQL
  • Splunk
  • CRIBL
  • Palo Alto XSIAM
  • Databricks
  • Apache Spark
