Senior Detection Engineer (SIEM / Security Observability)

Senior Detection Engineer (SIEM / Security Observability) Remote, US Description Keeper Security is seeking a Senior Detection Engineer to advance detection engineering, SIEM operations, and security telemetry across a globally distributed, cloud‑native environment. This is a 100% remote position, with an opportunity to work a hybrid schedule for candidates based in the El Dorado Hills, CA or Chicago, IL metro areas. About Keeper Keeper Security is one of the fastest‑growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. Its core offering, KeeperPAM®, is an AI‑enabled, cloud‑native platform that protects users, devices, and infrastructure from cyber attacks. About the Job As a Senior Detection Engineer, you will build and operate the detection and telemetry capabilities that power security visibility across Keeper’s production and corporate environments. Responsibilities Design, build, and maintain detection and telemetry capabilities across Datadog, SentinelOne, and Wiz Develop, test, and tune high‑fidelity detection rules aligned to real‑world attack scenarios and adversary behaviors Continuously improve alert quality by reducing false positives, eliminating noise, and increasing detection accuracy Implement and mature detection‑as‑code practices for scalable, version‑controlled, and testable rule management Define and enforce logging, telemetry, and instrumentation standards across cloud infrastructure, applications, endpoints, and identity systems Build and optimize log ingestion, parsing, normalization, enrichment, and retention pipelines Automate onboarding of new data sources and improve telemetry coverage across production and corporate environments Correlate signals across SIEM, EDR, cloud, identity, and security tooling to improve detection depth and investigation quality Partner with Security Operations to improve triage workflows, incident response readiness, and escalation quality Build dashboards, analytics, and reporting that support operational decision‑making across Security, SRE, and Engineering Map and maintain detection coverage against MITRE ATT&CK and help identify visibility gaps Perform detection gap assessments and evolve use cases based on threat intelligence, threat hunting, and emerging risks Collaborate with cloud, infrastructure, product, and compliance teams to strengthen secure logging and observability patterns throughout the software development lifecycle Requirements 5–8+ years of experience in detection engineering, SIEM engineering, security engineering, or security observability Hands‑on experience with SIEM, security analytics, or observability platforms, such as Datadog, SentinelOne, Splunk, Microsoft Sentinel, Elastic, or similar tools Experience building, tuning, and maintaining detection rules, correlation logic, and alerting workflows Strong understanding of security telemetry across cloud, endpoint, identity, and application environments Experience with log parsing, normalization, enrichment, and pipeline management Strong knowledge of cloud environments, with AWS preferred Proficiency in scripting or automation using Python, PowerShell, or similar Solid understanding of modern detection strategies, attacker behaviors, and the MITRE ATT&CK framework Ability to work cross‑functionally with Security Operations, Engineering, Infrastructure, and SRE teams Preferred Qualifications Experience with Datadog Cloud SIEM, SentinelOne, Wiz, or similar modern security platforms Experience with observability concepts including logs, metrics, traces, and instrumentation Experience with SOAR, workflow automation, or response orchestration Familiarity with Sigma or other detection‑as‑code frameworks Experience in high‑scale SaaS, cloud‑native, or security product environments Familiarity with zero‑trust architectures, identity‑centric security, and privileged access management Keeper Security, Inc. is an equal opportunity employer and a participant in the U.S. Federal E‑Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees. Classification: Exempt #J-18808-Ljbffr