Responsibilities:

  • Write and tune Intrusion Detection System rules grounded in observed network behavior to maintain dataset accuracy.
  • Maintain and improve tag coverage by adding new tags, fixing broken ones, and de-duplicating overlaps to protect customers.
  • Use internal CLI tooling to lint, test, and deploy detection rules and tags at scale, validating against real traffic.

Operational Execution:

  • Triage a steady stream of inbound detection requests, CVEs, and internal coverage questions processed weekly.
  • Ensure detections are wired correctly end-to-end, from raw data through rule logic to tag output for reliable performance.
  • Flag edge cases, collisions, and unexpected behavior in tags or rules for deeper follow-up and resolution.

Collaboration and Impact:

  • Work closely with researchers to keep them focused on longer-horizon projects by handling foundational detection work.
  • Communicate clearly about work progress, blockers, and trade-offs to internal teams like sales and support.
  • Develop reliable instincts for prioritizing detection issues to enable predictable, systematic coverage and faster answers.

GreyNoise Intelligence

GreyNoise Intelligence is a mission-driven security startup that provides real-time, verifiable threat intelligence on internet scanning and exploitation actors to help organizations mitigate perimeter risks. The company leverages a global fleet of sensors and advanced data science, fostering a remote-first, transparent, and execution-focused culture for its distributed team.
