Job Description
Insight Global is seeking a remote Detection Engineer to join a global consulting firm.
This person will work within the Security Operations team to help build the technical foundation of a continuous monitoring & detection program.
You will be the first Detection Engineer in the team, responsible for building advanced detections.
We use Splunk as our SIEM and have an MSSP, who currently handle L1 and L2 alert triage. Your mandate is to build the detection capability that sits above that - writing, validating, and owning detections that our CSIRT will depend on.
You will translate offensive security findings directly into detections, audit what we already have in Splunk, close coverage gaps, and build the governance that makes the program measurable and defensible. You will be working in an ambiguous, but large scale environment with a lot of unknowns, taking findings and turning them into actionable detections that genuinely contribute to the security posture of the organization.
Compensation:
$10/hr to $15/hr
Exact compensation may vary based on several factors, including skills, experience, and education.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401K retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
-5+ years of hands-on detection engineering experience (writing production detection rules and understand correlation)
-MITRE ATT&CK fluency - ability to think in techniques and map a red team finding to a detection gap
Knowledge of SPL - you can write effective Splunk searches and understand what makes a rule expensive or fragile
-Experience with at least one EDR platform at a detection level - CrowdStrike Falcon, Microsoft Defender for Endpoint, etc.
-Understanding of offensive security techniques (understand how attacks work at a technique level)
-Experience validating detections - atomic testing, purple team participation, or equivalent empirical validation methods
-Ability to work with incomplete data - can make a coverage decision with imperfect information and document the reasoning
Nice to Have Skills & Experience
-Purple team experience - either as a detection-side participant or having run exercises end-to-end
-Sigma rule authoring - vendor-agnostic detection development and the ability to translate rules across platforms
-Threat intelligence integration - consuming threat intel and translating it into detection requirements
-Risk-based alerting - understanding how to score and prioritize alerts rather than treating all alerts equally
-Offensive security background or certifications (OSCP, CRTE, or similar)
-Experience with CrowdStrike Falcon detection authoring specifically
-Familiarity with MITRE ATLAS for AI/ML threat scenarios
-Scripting ability (Python) - for detection automation, log parsing, or tooling integrations
-Experience writing or reviewing logging standards, detection standards, or security governance documentation
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.