Senior Cybersecurity Detection Engineer
Job Description
Calance US is seeking a Senior Cybersecurity Detection Engineer for an onsite role in Charlotte, NC. The position centers on SIEM-based detection engineering, data analysis, and algorithm development, with a focus on designing, deploying, and operationalizing detections across on-prem, cloud, and SaaS environments.
Responsibilities
- Develop and refine detections by crafting correlations and algorithms, and by writing Python scripts that leverage security telemetry and enterprise data sources.
- Engage hands-on with SIEM and detection platforms such as Splunk or equivalent, configuring rules, optimizing alerts, and enhancing signal quality.
- Analyze large data sets across multiple data sources using database queries (SQL or similar) to identify meaningful signals for detection.
- Research threat scenarios and define required data sets in collaboration with Analysts, Focus Area Leads, and other subject-matter experts.
- Onboard new data feeds by reviewing documentation, assessing readiness, documenting feed attributes, and supporting onboarding efforts.
- Test and operationalize alerts through established team processes, including micro-playbook development and SOAR-related activities.
- Investigate security events by examining raw data, validating detections, and understanding network, endpoint, and cloud behaviors.
- Document detections, integrations, and processes clearly to ensure knowledge sharing across the team.
- Continue expanding technical breadth in applied data analysis, detection engineering techniques, and emerging automation approaches.
- Own security problems or integrations from concept through deployment, ensuring the result is practical to run and maintain.
- Write Python scripts to connect data sources, ingest data, build correlations, and generate actionable detections.
- Understand the data underpinning detections, including what is populated, what is missing, and what requires improvement.
- Collaborate effectively with a high-performing team, sharing knowledge and avoiding isolated workflows.
- Deliver practical algorithms and tuned detections that improve enterprise security outcomes.
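To make concrete what "crafting correlations", "joining data", and "understanding what is populated and what is missing" mean in practice, here is an added example in Python (the language the posting names). It is not code from the posting or from Calance US; the log format, field names, the five-failure threshold, the ten-minute window, and the egress inventory are all constructed stand-ins for whatever a real team's feeds and tuning would be. It parses a small constructed authentication feed, counts events that cannot be used because a required field is missing, correlates a burst of failures with a subsequent success from the same source IP, and enriches each alert with a join against a known-egress table.

```python
"""Added example (not from the job posting): brute-force-then-success
correlation over constructed auth telemetry, with a feed-quality check and an
enrichment join. Format, thresholds and tables are hypothetical."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample feed: one event per line, "<ISO timestamp> key=value ...".
# The ninth line deliberately lacks a user field to exercise the quality check.
AUTH_FEED = """\
2024-05-01T08:00:01Z user=alice src=203.0.113.7 result=fail
2024-05-01T08:00:05Z user=alice src=203.0.113.7 result=fail
2024-05-01T08:00:09Z user=alice src=203.0.113.7 result=fail
2024-05-01T08:00:14Z user=alice src=203.0.113.7 result=fail
2024-05-01T08:00:20Z user=alice src=203.0.113.7 result=fail
2024-05-01T08:02:40Z user=alice src=203.0.113.7 result=success
2024-05-01T08:05:00Z user=bob src=198.51.100.9 result=fail
2024-05-01T08:05:30Z user=bob src=198.51.100.9 result=success
2024-05-01T08:06:00Z src=192.0.2.1 result=fail
2024-05-01T09:30:00Z user=carol src=203.0.113.7 result=success
"""

# Constructed enrichment source: source addresses the organisation already
# owns. A burst from an unknown address is treated as more severe.
KNOWN_EGRESS = {"198.51.100.9": "hq-office"}

REQUIRED_FIELDS = ("user", "src", "result")


def parse_feed(text):
    """Parse the feed into event dicts. Lines missing a required field are
    counted rather than silently dropped, so feed readiness can be judged."""
    events, dropped = [], defaultdict(int)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *pairs = line.split()
        ev = dict(p.split("=", 1) for p in pairs if "=" in p)
        missing = [f for f in REQUIRED_FIELDS if f not in ev]
        if missing:
            dropped["missing:" + ",".join(missing)] += 1
            continue
        ev["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc)
        events.append(ev)
    return events, dict(dropped)


def detect_bruteforce_then_success(events, fail_threshold=5,
                                   window=timedelta(minutes=10)):
    """Alert when a source IP accumulates at least fail_threshold failures
    inside the window and then logs in successfully. The window slides per
    source; one burst produces one alert."""
    recent_fails = defaultdict(list)  # src -> failure events still in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        recent_fails[src] = [f for f in recent_fails[src]
                             if ev["ts"] - f["ts"] <= window]
        if ev["result"] == "fail":
            recent_fails[src].append(ev)
        elif ev["result"] == "success" and len(recent_fails[src]) >= fail_threshold:
            fails = recent_fails[src]
            alerts.append({
                "src": src,
                "user": ev["user"],
                "fail_count": len(fails),
                "targeted_users": sorted({f["user"] for f in fails}),
                "first_fail": fails[0]["ts"].isoformat(),
                "success": ev["ts"].isoformat(),
            })
            recent_fails[src] = []
    return alerts


def enrich(alerts, known_egress):
    """Join each alert against the egress inventory to set a severity."""
    for alert in alerts:
        alert["known_source"] = alert["src"] in known_egress
        alert["severity"] = "medium" if alert["known_source"] else "high"
    return alerts


def run(feed=AUTH_FEED, known_egress=KNOWN_EGRESS):
    """Full pipeline: parse, correlate, enrich; also report feed quality."""
    events, dropped = parse_feed(feed)
    alerts = enrich(detect_bruteforce_then_success(events), known_egress)
    return {"alerts": alerts, "dropped": dropped, "events_parsed": len(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2))
```

Run as a script it prints one high-severity alert for 203.0.113.7 (five failures against alice followed by a success), no alert for bob (one failure is below threshold), and a `dropped` summary showing one event missing its `user` field; that summary is the kind of evidence an onboarding review would use to decide whether a feed is ready to drive detections.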
Requirements
- 3–5 years of professional experience in cybersecurity, detection engineering, or a closely related technical role.
- Hands-on experience with a SIEM, including authoring and tuning detection rules in Splunk or an equivalent platform.
- Strong Python skills applied in real-world environments, not solely academic exposure.
- Solid data analysis and querying experience, including SQL and handling large data sets.
- Experience joining data, analyzing patterns, and assessing relevance for threat detection.
- Solid understanding of network security fundamentals and how enterprise environments are defended.
- Strong communication skills with the ability to clearly explain technical work to teammates.
- A collaborative mindset, with success measured by team outcomes rather than individual visibility.
Technologies
- Python
- SQL
- Splunk
- CRIBL
- Palo Alto XSIAM
- Databricks
- Apache Spark