Threat Detection Engineer
Epitec, Inc
Chicago, IL
JOB DETAILS
SALARY
$65–$70 Per Hour
SKILLS
Agile Programming Methodologies, Analysis Skills, Ansible, Automation, Backlog Prioritization, CISSP - Certified Information Systems Security Professional, Channel Strategies, Cloud Computing, Code Reviews, CompTIA Security+, Computer Science, Computer Security, Configuration Management, Content Development, Continuous Deployment/Delivery, Continuous Improvement, Continuous Integration, Data Modeling, Docker, Enterprise Protection, GCIA - GIAC Certified Intrusion Analyst, GCIH - GIAC Certified Incident Handler, Git, Incident Response, Information/Data Security (InfoSec), Insurance, Metrics, Object Modeling, Product Demonstration, Programming Tools, Python Programming/Scripting Language, Release Management/Engineering, Requirements Management, Risk, Security Information and Event Management (SIEM), Software Engineering, Source Code/Configuration Management (SCM), Splunk, Telemetry, Test Plan/Schedule, Testing
LOCATION
Chicago, IL
POSTED
1 day ago
Hybrid to Chicago, IL
$65-$70/hr
Responsibilities:
• Create Detection Content - Design, build, test, and maintain high-fidelity detections.
• Implement Detection-as-Code practices: version control, peer review, CI/CD pipelines, and automated validation for detection content and configuration.
• Develop and tune detection logic aligned to MITRE ATT&CK techniques and real-world adversary behavior (TTP-focused).
Collaborate in Purple Teaming Exercises
• Plan and execute purple team exercises and threat emulation using ATT&CK-driven test plans (e.g., Atomic Red Team/CALDERA/SafeBreach-style approaches).
• Measure detection coverage and response effectiveness; translate exercise findings into backlog items and measurable improvements.
Engineering Enablement & Operational Excellence
• Partner with SOC analysts, incident responders, and platform teams to improve signal-to-noise, alert workflows, and escalation quality.
• Contribute to logging strategy: define requirements, onboard new data sources, create parsing/normalization standards, and enrich events (lookups/context).
• Operate in an Agile/SAFe delivery model: manage backlog, user stories, sprint commitments, demos, and continuous improvement.
Governance, Metrics & Stakeholder Communication
• Define and track detection metrics (coverage, efficacy, false positive rate, mean time to detect, alert precision/recall proxies).
• Communicate risk and outcomes in business-relevant terms (especially helpful in regulated/insurance environments).
• Document detections, hunts, procedures, runbooks, and learning artifacts for repeatability and operational scaling.
Required Education
- Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline
- Splunk Certifications: Core User, Power User, Admin; Splunk ES–focused training
- MITRE ATT&CK Training: Fundamentals, Detection Engineering, SOC Assessments, Purple Teaming
- Cloud Certifications:
  - Google Cloud Digital Leader or Associate Cloud Engineer (security-focused experience preferred)
- Security Certifications (examples):
  - GCIH, GCIA, CISSP, Security+, or comparable credentials
- Agile / SAFe Training or Certification (helpful for delivery alignment)
Skills & Experience
Required Skills (Core)
Detection Engineering & Security Analytics
- Strong experience building detections in a SIEM, preferably Splunk Enterprise Security, including:
  - SPL, knowledge objects, data models, field extractions, lookups, and enrichment
- Expertise in detection engineering methodologies, including:
  - Signal design, validation, tuning, alert routing, and lifecycle management
- Practical knowledge of MITRE ATT&CK, adversary TTPs, and mapping detections to ATT&CK techniques
- Proven ability to conduct threat hunts and investigations across:
  - Endpoint, identity, network, and cloud telemetry
- Familiarity with analytic frameworks such as:
  - Cyber Kill Chain, Diamond Model, and decision loops (e.g., OODA)
- Ability to apply structured analytic techniques to produce defensible conclusions and reduce cognitive bias
- Experience using CrowdStrike Falcon (or comparable EDR platforms) for:
  - Detection, investigation, and response workflows
- Knowledge of endpoint artifacts and attacker tradecraft, including:
  - Persistence, privilege escalation, credential access, and lateral movement
- Proficiency in Python for automation, enrichment, log parsing, analytics, and/or detection testing
- Strong working knowledge of Git, including branching, pull requests, and code reviews
- Comfort using developer tooling, including CLI-based editors (e.g., Vim)
- Experience applying CI/CD concepts to security content, such as:
  - Pipelines, automated checks, and release management
- Hands-on familiarity with Google Cloud security logging and incident response concepts
- Working knowledge of containers (Docker) and Kubernetes fundamentals related to monitoring and incident response
- Experience with Infrastructure as Code tools such as:
  - Terraform and configuration management tools like Ansible (at least for interpreting changes and supporting secure deployments)
About the Company
Epitec, Inc
Epitec is a leading staffing and recruiting services company with a mission to make staffing personal. We go beyond traditional hiring by truly understanding our candidates and matching them with the perfect opportunities. We offer competitive compensation, career growth, and support throughout the entire process. Working with top Fortune 500 companies, we are recognized for our excellence with numerous awards, including Best & Brightest and diversity recognitions. At Epitec, we're redefining the future of employment.
COMPANY SIZE
2,500 to 4,999 employees
INDUSTRY
Staffing/Employment Agencies
EMPLOYEE BENEFITS
Professional Development, 401K, Employee Referral Program, Life Insurance
FOUNDED
1978
WEBSITE
https://epitec.com/