CybersecurityJobs.io

Job Description

This onsite role in Atlanta, GA leads a Detection Engineering team to design, implement, and advance Cox Automotive's cyber defense program.

Responsibilities

  • Develop and communicate the detection engineering strategy, roadmap, and clear objectives to guide the team.
  • Architect and implement advanced threat detection across SIEM, EDR, NDR, and SOAR platforms.
  • Create custom detection rules and automated remediation playbooks and alerts tailored to enterprise and customer security needs.
  • Apply the MITRE ATT&CK framework to map coverage and close detection gaps.
  • Monitor and optimize detection systems for performance, scalability, and effectiveness.
  • Partner with Threat Detection and Response to enhance identification, management, and response to threats.
  • Conduct attack simulations and purple-team exercises with Vulnerability Management to validate use cases.
  • Oversee SIEM and Data Lake data management and log ingestion infrastructure in collaboration with Cyber Defense Engineering.
  • Evaluate, validate, tune, and sunset detection capabilities as appropriate.
  • Maintain operational guidelines, diagrams, and documentation for security detection and response.
  • Collaborate with Incident Response to ensure rapid detection and containment of cyber threats.
  • Provide technical guidance to develop detection use cases during high-severity security incidents.
  • Continuously improve detection and response processes based on lessons learned from incidents.
  • Perform additional duties as needed to address emerging security threats facing the enterprise.
  • Provide off-hour support for security administration, detection, and response activities.
  • Leverage threat intelligence to enhance detection capabilities and proactively mitigate risks.
  • Identify and analyze new and emerging threat vectors and integrate them into detection strategies.
  • Collaborate with cybersecurity, engineering, and product teams to align detection strategies with organizational objectives.
  • Communicate detection capabilities and findings to technical and non-technical stakeholders, including executive leadership.
  • Ensure all detection processes and tools comply with regulatory requirements and industry standards (e.g., GDPR, PCI-DSS, NIST).
  • Establish and maintain documentation of detection strategies, processes, and configurations.
  • Demonstrate a track record of building scalable organizations with world-class threat detection capabilities.
  • Perform security investigations at scale across endpoint, cloud, identity, network, and email threats.
  • Work with internal IT teams and external MSSPs to operationalize detection use cases for WAF, DDoS Protection, Email, DLP, AV, and Endpoint security.
  • Hands-on experience with detection and response tools for network, endpoints, cloud, identity, and SOAR platforms.
  • Apply threat intelligence to identify new threat vectors and incorporate them into detection strategies.
  • Lead projects to improve security monitoring and response capabilities.
  • Maintain strong security engineering and architecture foundations to optimize monitoring effectiveness.
  • Demonstrate solid knowledge of Linux, macOS, and Windows internals.
  • Communicate security issues effectively to management and stakeholders.
  • Maintain detection use cases and SIEM configuration guidelines and standards.
  • Create and manage operational metrics to increase team efficiency and quality.
  • Mentor and develop detection engineering talent, fostering a high-performing team.
  • Build relationships with organizational leaders, define roadmaps, and drive initiatives to completion.
  • Incorporate machine learning concepts related to predictive analytics into detection strategies.

Requirements

  • Bachelor's degree in Computer Science or equivalent and 8+ years of industry experience; alternative combinations: master's with 6 years, PhD with 3 years, or 20 years in a related field.
  • 3+ years of management or leadership experience with direct people management responsibilities.
  • 5+ years in an Incident Response or Security Operations role.
  • Multi-cloud security experience (AWS, Azure, GCP).
  • Expert level knowledge in Detection Engineering and Security Operations.
  • Strong experience with Information Security, Network Security, Security Monitoring, and Incident Response.
  • Strong experience developing SIEM and SOAR detection and automation use cases.
  • Working experience with Threat Intelligence, Firewalls, SASE, IPS, Endpoint Security, DLP, SIEM/SOAR, and Data Lakes.
  • Expert level knowledge of the attack kill chain and the diamond model.
  • Authorized to work in the United States without sponsorship now or in the future (no OPT, CPT, STEM OPT, or visa sponsorship).
  • Desirable: GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certifications; Development/DevOps/Engineering/Network/System Administration experience.

Technologies

  • SIEM, EDR, NDR, SOAR, MITRE frameworks
  • WAF, DDoS Protection, Email systems, DLP, AV, Endpoint security technologies
  • Threat Intelligence, Firewalls, SASE, IPS, Data Lakes
  • Linux, macOS, Windows
  • Log ingestion, Data Lake data management

Benefits

  • Paid vacation
  • Seven paid holidays per year
  • Up to 160 hours of paid wellness annually
  • Bereavement leave
  • Time off to vote
  • Jury duty leave
  • Volunteer time off
  • Military leave
  • Parental leave

Compensation

  • USD 178,200 - 297,000 per year
  • Base salary within the stated range; final amount depends on location, knowledge, skills, and abilities; may include incentive program

