Cyber Operations Senior Detection Engineer
AstraZeneca
ABOUT ROLE

The Senior Detection Engineer is a technical specialist within the Global Security Operations Centre (GSOC), based in Gaithersburg, Maryland, working with the Director, Cyber Security Detection Engineering. The role is characterised by leadership of detection content development initiatives that protect enterprise assets across cloud, on-premises, and OT/ICS environments. Responsibility is held for the design, implementation, and optimisation of detection logic through which threats are identified, investigated, and mitigated with precision and efficiency.

WHAT YOU'LL DO

Detection engineering initiatives: oversee detection engineering efforts across multiple projects spanning threat coverage, detection logic development, and efficacy validation; technical guidance is provided to ensure that detection capabilities address the most significant threats across all technology domains.

Advanced detection frameworks and methodologies: implement detection engineering frameworks to enhance the organisation's defensive posture through improved threat coverage, reduced false positives, and accelerated threat identification; industry guidelines for detection engineering are adopted and tailored to organisational requirements.

Enterprise-wide detection content library development and management: design and optimise detection libraries to ensure comprehensive coverage of adversary tactics, techniques, and procedures as defined by frameworks such as MITRE ATT&CK; detection logic is developed that balances sensitivity with operational efficiency.

Detection development oversight: provide technical guidance of detection development operations, including coordination with external suppliers and platform vendors for comprehensive threat coverage; detection performance is monitored, and issues are called out and resolved in collaboration with relevant collaborators.
Proactive detection development and coverage management: proactively expand detection coverage through periodic assessments of threat landscape evolution, detection gaps, and emerging attack techniques; critical coverage deficiencies are identified and resolution is driven through systematic detection development.

Stakeholder management: maintain engagement with security leadership to communicate emerging detection requirements driven by threat intelligence and incident findings; strategic action plans are proposed for addressing coverage gaps and enhancing detection capabilities.

External partner relationship management: maintain and develop relationships with external partners, threat intelligence providers, and industry peers to identify innovative detection approaches and emerging techniques applicable to enterprise defence.

AS A SPECIALIST

Technical guidance and expertise: support the definition of detection standards, development methodologies, and quality frameworks within the detection engineering domain; critical detection failures are addressed through deep technical knowledge and systematic analysis.

Continuous improvement: find opportunities to improve and enhance the performance of detection logic, reduce false positives, and improve threat identification accuracy; opportunities for detection automation and orchestration are pursued proactively.

Implement innovative detection engineering solutions: identify and manage new detection engineering solutions, including adoption of new detection techniques, behavioural analytics, and machine learning approaches; training and organisational change activities are led to ensure successful adoption.

Technical guidance and mentorship: provide ongoing technical guidance and mentoring to detection engineering team members and security analysts regarding detection logic development, threat hunting techniques, and effective use of detection platforms.
Maintain training and awareness materials: develop and maintain training and awareness materials regarding detection engineering practices, threat actor TTPs, and effective investigation methodologies; knowledge is shared to enable security operations teams to leverage detection capabilities effectively.

KNOWLEDGE, EXPERIENCE, AND UNDERSTANDING OF:

Detection engineering fundamentals: Deep expertise in detection logic design, threat modelling, and coverage mapping; extensive experience with detection development across diverse platforms and environments applied to enterprise-scale operations.

Threat detection frameworks: Comprehensive familiarity with MITRE ATT&CK, Cyber Kill Chain, and detection engineering methodologies; understanding of how adversary techniques manifest across different technology domains and how detection logic must be adapted accordingly.

Detection platforms and tooling: Substantial hands-on experience with enterprise detection platforms including SIEM, EDR, NDR, and cloud-native security services; advanced proficiency in platform-specific query languages, rule formats, and detection logic development.

Threat intelligence: Working knowledge of how threat intelligence is consumed and turned into actionable detection logic; understanding of indicator types, threat actor TTPs, and prioritisation of detection based on intelligence.

Scripting and automation: Advanced proficiency in scripting languages such as Python, PowerShell, or similar for detection logic development and automation tasks; experience with detection-as-code practices and version control for detection content.

Detection formats and standards: Extensive experience with standardised detection formats including Sigma rules, YARA signatures, and platform-specific query languages; ability to develop detection logic that is portable and maintainable across platforms.
Performance optimisation: Deep understanding of detection tuning, false positive reduction, and query optimisation techniques; proven ability to balance detection sensitivity with operational efficiency.

OT/ICS detection considerations: Familiarity with operational technology environments and the unique constraints affecting detection in industrial settings; awareness of safety implications and availability requirements that influence detection approaches.

Purple team collaboration: Experience working with offensive security teams to validate detection efficacy and identify coverage gaps; understanding of how adversary emulation informs detection improvement.

MINIMUM SKILLS & EXPERIENCE REQUIRED

Education: Bachelor's degree in information security, computer science, or a related field (or equivalent experience).

Technical expertise: At least five (5) years of experience in detection engineering, preferably within security operations centres or detection engineering teams; demonstrated success in leading detection initiatives and implementing innovative approaches at enterprise scale.

Detection platform expertise: Deep hands-on experience with at least one major detection platform, including advanced detection logic development, tuning, and validation; recognised internally as an expert in detection capabilities and standards.

Threat landscape knowledge: Working experience with threat intelligence, adversary TTPs, and attack techniques across cloud, on-premises, and OT environments; familiarity with how threats evolve and how detection strategies must adapt.

Global collaboration: Experience working in a global organisation with geographically dispersed teams and partners, including matrix working environments; ability to coordinate across time zones and cultural contexts.
Collaborator engagement: At least five (5) years of experience collaborating with security operations teams, incident responders, and threat intelligence analysts to identify, document, and address detection requirements; proven ability to manage relationships and communications with third-party suppliers and vendors.

Project delivery: Experience delivering and managing large-scale detection engineering projects, including planning, execution, and organisational change; ability to navigate dependencies across multiple teams and technical domains.

Problem-solving and innovation: Recognised internally as an expert problem solver for complex detection challenges; track record of designing, shaping, and implementing innovative detection solutions that address emerging threats.

Communication: Ability to adapt communication style and interact confidently to influence diverse audiences based on their differing perspectives; skilled in facilitating collaboration through open dialogue and information exchange.

Mentoring and guidance: Proactive engagement with teams for coaching and mentoring from both technical and behavioural standpoints; commitment to enabling skill-building and fostering a healthy ecosystem of knowledge sharing across detection engineering and security operations teams.

When we put unexpected teams in the same room, we unleash bold thinking with the power to encourage life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

The annual base pay for this position ranges from $136,044.00 - $204,066.00 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours.
Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered include a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, the employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Are you ready to bring new insights and fresh thinking to the table? Fantastic! We have one seat available, and we hope it's yours. Apply today.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.