Threat Detection Engineer // REMOTE

Posted 5 days ago by 1752297095

Negotiable
Outside
Remote
USA

Summary: The Threat Detection Engineer role at Amtex Systems Inc involves designing, implementing, and maintaining advanced threat detection use cases within a hybrid SIEM environment. The position requires expertise in security detection engineering, including the creation of rules to identify potentially malicious activities. The ideal candidate will have extensive experience in both offensive and defensive security, focusing on protecting the organization from emerging cyber threats.

Key Responsibilities:

  • Develop, optimize, and manage SIEM dashboards, searches, and alerts to identify potential security threats in real-time.
  • Create and refine custom SIEM use cases, correlation rules, and detection logic to enhance threat visibility across systems and networks.
  • Perform threat hunting and analyze log data to proactively identify anomalies and gaps in the current use case library.
  • Collaborate with incident response teams to investigate and mitigate security incidents, providing detailed forensic analysis when required.
  • Maintain and tune SIEM deployments, ensuring data integrity, performance, and scalability.
  • Integrate SIEM with other security tools and data sources to improve detection accuracy and coverage.
  • Stay current on evolving cyber threats, attack techniques, and industry best practices to continuously improve detection strategies.
  • Document processes, detection methodologies, and incident findings for knowledge sharing and compliance purposes.

Key Skills:

  • 7+ years of experience in cybersecurity, with at least 4 years focused on SIEM use case development.
  • Highly proficient in Splunk Enterprise Security (ES), including SPL (Search Processing Language), dashboard creation, and alert configuration.
  • Strong understanding of network protocols, system logs, and security event analysis.
  • Experience with threat intelligence integration and applying the MITRE ATT&CK framework to detection efforts.
  • Familiarity with scripting languages (e.g., Bash, Python, PowerShell) for automation and data analysis is a plus.
  • Familiarity with offensive security tactics & techniques such as red teaming and advanced penetration testing is a plus.
  • Relevant certifications such as Splunk Certified Power User, Splunk Certified Admin, or cybersecurity certifications such as OSCP, GPEN, GCIH, GCFE are highly preferred.
  • Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Amtex Systems Inc is an information technology and talent solutions company that has offered talent and BI consulting to companies in the US for over 25 years.

Our solutions are designed to fill resource gaps by providing the right candidates who deliver value to the organization. Our propensity to nurture and build strong relationships with our clients helps us better understand their business demands and gives us the ability to provide services that are on time and rise above the rest.


Job Title: Threat Detection Engineer
Location: Remote
Employment Type: Contractor

** Need candidates with particular emphasis on security detection engineering, i.e., creating the rules to detect potentially malicious activity.

** Need a detection engineer who has in-depth experience in both offensive and defensive security.

Job Summary:
The ideal candidate will be responsible for designing, implementing, and maintaining advanced threat detection use cases within a hybrid SIEM environment. This role requires a deep understanding of security information and event management (SIEM), threat hunting, and incident analysis to protect our organization from emerging cyber threats.

Preferred Skills:

  • Knowledge of additional SIEM platforms or security tools (e.g., Elastic, QRadar, CrowdStrike).
  • Ability to mentor team members and contribute to a collaborative security culture.