Senior Detection Engineer - REMOTE
Binary Defense.com
Hybrid
Houston, TX, US
Full Time
Description
Binary Defense is seeking an experienced and motivated Senior Detection Engineer to join our growing Detection Engineering team.
The Senior Detection Engineer combines deep threat landscape knowledge with a strong understanding of telemetry sources and EDR/SIEM platforms. This role is not just about building detections: it is about guiding the Detection Engineering team to focus on the adversary behaviors that matter most, developing telemetry value scoring, and discovering detection strategies that scale across diverse client environments.
You will serve as both a hands-on detection engineer and a thought leader: shaping the backlog with threat-informed priorities, ensuring coverage aligns with real-world risks, and helping us push our detection-as-code and automation pipelines to the next level. If you’re passionate about anticipating adversaries, automating detection workflows, and mentoring others to raise the bar, this role is for you.
Key Responsibilities
- Lead threat-informed detection efforts by staying current with emerging adversary techniques, malware, and campaigns; ensure the detection backlog reflects the most relevant threats.
- Guide the Detection Engineering team on prioritization, coverage, and detection choke points that deliver the most meaningful risk reduction for clients.
- Design, implement, and validate detections across SIEM (Splunk, Sentinel, Chronicle) and EDR platforms (CrowdStrike, Cortex XDR, SentinelOne, Defender for Endpoint) using a detection-as-code approach.
- Assist with development of detection-as-code solutions using Python and REST APIs, enabling CI/CD pipelines for rule deployment, testing, and telemetry inspection.
- Collaborate with Threat Intel, IR, and SOC teams to transform intelligence into high-fidelity detection logic.
- Contribute to threat modeling and coverage mapping to identify gaps and reduce detection blind spots.
- Participate in adversary emulation and validation efforts (e.g., Atomic Red Team, custom tooling).
- Mentor junior engineers to better understand attack chains and how adversaries operate.
- Support threat research by building capabilities to extract threat intelligence insights from detection engineering efforts.
Requirements
- 2–5+ years of hands-on experience in detection engineering, threat hunting, or incident response.
- Strong proficiency with Python and REST APIs for interacting with EDR/SIEM platforms and automating detection workflows.
- Demonstrated experience writing, tuning, and validating detection logic in at least one of: Sigma, YARA-L, Splunk SPL, KQL, XQL.
- Experience with telemetry sources including Windows security logs, Sysmon, firewall/proxy logs, and cloud platform audit logs.
- Familiarity with MITRE ATT&CK and how to map detections to adversary techniques and detection choke points.
- Ability to quickly learn new security technologies and adapt detection strategies accordingly.
- Comfortable working in a fast-paced environment where threat-driven detection and rapid iteration are the norm.
Preferred Qualifications
- Detection engineering experience in Microsoft Azure, AWS, and GCP is a major plus.
- Experience with SentinelOne, Cortex XDR, CrowdStrike, and Microsoft Defender for Endpoint.
- Experience contributing to a detection-as-code pipeline (e.g., Git-based workflows, rule validation, CI/CD).
- Exposure to multi-tenant or MDR environments and scaling detections across customer environments.
- Familiarity with Sigma to YARA-L translation, or with detection rule normalization and enrichment workflows.
- Experience in IR consulting and working across diverse EDR/SIEM stacks.
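As an added illustration of the detection-as-code and rule-validation work this posting describes (this is example code written for this page, not Binary Defense tooling): a small Python check that lints a Sigma-style rule, runs it over constructed Sysmon-style process-creation events, and fails if the matches differ from the hits the rule is expected to produce. The rule, the sample events, the field names and every helper function here are assumptions made for the example. A production pipeline would convert rules with the Sigma toolchain (for example pySigma / sigma-cli) into SPL, KQL or YARA-L rather than use this hand-rolled matcher; the point shown is the CI gate itself: lint, replay against known true and false positives, block deployment on any mismatch.

```python
"""Minimal detection-as-code CI gate (hypothetical example, not vendor code).

Lints a Sigma-style rule, replays it over constructed sample events and
reports errors; an empty error list means the rule may be deployed.
"""
import re

# Constructed Sigma-style rule written as a dict that mirrors the YAML layout.
# The UUID is a placeholder; the logic targets the public comsvcs.dll MiniDump
# LSASS-dump technique (ATT&CK T1003.001) purely as a worked example.
RULE = {
    "title": "LSASS Memory Dump via Rundll32 comsvcs MiniDump",
    "id": "00000000-0000-4000-8000-000000000001",
    "status": "experimental",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\rundll32.exe",
            "CommandLine|contains|all": ["comsvcs", "MiniDump"],
        },
        "condition": "selection",
    },
    "tags": ["attack.credential_access", "attack.t1003.001"],
}

# Constructed Sysmon EventID 1 style events: one true positive, two benign
# look-alikes (benign rundll32; unrelated binary whose command line has both
# keywords but the wrong Image). Index 0 is the only expected hit.
EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 624 C:\\temp\\l.dmp full",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "Image": "C:\\Program Files\\Backup\\agent.exe",
     "CommandLine": "agent.exe --minidump --module comsvcs",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
]
EXPECTED_HITS = [0]

REQUIRED = ("title", "id", "logsource", "detection", "tags")
ATTACK_TAG = re.compile(r"^attack\.(t\d{4}(\.\d{3})?|[a-z_]+)$")


def validate_rule(rule):
    """Lint step: return a list of problems (empty list means the rule passes)."""
    errors = [f"missing field: {f}" for f in REQUIRED if f not in rule]
    if "detection" in rule and "condition" not in rule["detection"]:
        errors.append("detection has no condition")
    tags = rule.get("tags", [])
    if not any(t.startswith("attack.t") for t in tags):
        errors.append("no ATT&CK technique tag (attack.tNNNN)")
    errors.extend(f"malformed tag: {t}" for t in tags if not ATTACK_TAG.match(t))
    return errors


def _match_field(spec, value, event):
    """Evaluate one 'Field|modifier...' entry against an event, Sigma-style:
    case-insensitive, list values OR-ed unless the |all modifier is present."""
    field, *mods = spec.split("|")
    actual = str(event.get(field, "")).lower()
    values = value if isinstance(value, list) else [value]

    def one(v):
        v = str(v).lower()
        if "contains" in mods:
            return v in actual
        if "endswith" in mods:
            return actual.endswith(v)
        if "startswith" in mods:
            return actual.startswith(v)
        return actual == v

    return all(map(one, values)) if "all" in mods else any(map(one, values))


def matches(rule, event):
    """Only the simplest condition form (a single named selection) is handled;
    all fields inside a selection are AND-ed, as in Sigma."""
    det = rule["detection"]
    selection = det[det["condition"].strip()]
    return all(_match_field(k, v, event) for k, v in selection.items())


def run_rule(rule, events):
    """Replay step: indexes of events the rule fires on."""
    return [i for i, e in enumerate(events) if matches(rule, e)]


def ci_check(rule=RULE, events=EVENTS, expected=EXPECTED_HITS):
    """Full gate: lint errors plus any drift between actual and expected hits."""
    errors = validate_rule(rule)
    hits = run_rule(rule, events)
    if hits != expected:
        errors.append(f"unexpected hits {hits}, expected {expected}")
    return errors


if __name__ == "__main__":
    problems = ci_check()
    print("PASS" if not problems else "FAIL: " + "; ".join(problems))
```

Each rule in the repository would carry its own expected true-positive and false-positive events next to the logic, so a later change to the rule (or to the telemetry it relies on) surfaces as a failed pipeline run rather than as silent loss of coverage in a client tenant.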
Why Join Us?
- Work directly with world-class detection engineers in a GitOps-driven, threat-informed detection program.
- Build detections that matter—designed to identify and disrupt adversaries, not just generate noise.
- Contribute to a rapidly growing detection engineering practice that prioritizes automation, clarity, and operational efficiency.
- Stay hands-on with bleeding-edge attack simulation tools, advanced telemetry, and threat research.
About Binary Defense
Binary Defense is a trusted leader in security operations, supporting companies of all sizes to proactively monitor, detect and respond to cyberattacks. The company offers a personalized Open XDR approach to Managed Detection and Response, advanced Threat Hunting, Digital Risk Protection, Phishing Response, and Incident Response services, helping customers mature their security program efficiently and effectively based on their unique risks and business needs.
With a world-class 24/7 SOC, deep domain expertise in cyber, and sophisticated technology, hundreds of companies across every industry have entrusted Binary Defense to protect their business. Binary Defense gives companies actionable insights within minutes not hours, the confidence in their program to be resilient to ever-changing threats, and the time back that matters most to their business.
Binary Defense is also the Trusted Cybersecurity Partner of the Cleveland Browns and partners with PGA TOUR players. For more information, visit our website, check out our blog, or follow us on LinkedIn.
Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!). If you’re interested in joining a growing team with great perks, we encourage you to apply!
October 1, 2025