MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Detection Engineer

LuminDigital

Remote- United States Remote permanent

Posted: April 8, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Quick Summary

A Detection Engineer is responsible for building and maintaining detection systems that analyze security data to identify and respond to threats.

Required Skills

Detection Engineering SIEM EDR NDR Cloud-Native Platforms Terraform Sigma SOAR Automation Detection-as-Code Yara

Job Description

Basic Function

We are hiring a Detection Engineer to sit at the intersection of security operations and security engineering. This is not a traditional SOC analyst seat. AI-driven triage and SOAR platforms now handle the bulk of routine alert processing, and the analysts who thrive in the modern SOC are the ones who build the detections those platforms execute, author the automation playbooks that accelerate response, and hunt proactively for threats that evade automated pipelines.

You will own the full detection lifecycle—from threat intelligence intake and hypothesis formation through rule authoring, testing, deployment, and continuous tuning. You will also design and maintain SOAR playbooks and integrations that keep the SOC operating at machine speed, and you will serve as a hands-on incident responder when complex or novel threats demand human judgment and coordinated response.

This role operates with a high degree of autonomy. There is no daily task list handed to you — you are expected to self-direct priorities, identify gaps, and drive improvements without managerial prompting. Candidates who thrive here are self-directed, comfortable defining their own work, and consistently deliver without close supervision.

Essential Functions, Responsibilities, Experience:

Detection Engineering


Design, develop, tune, and maintain high-fidelity detection logic, including correlation rules, detection-as-code pipelines, and behavioral analytics, across SIEM, EDR, NDR, and cloud-native platforms, applying the judgment and pattern recognition that comes from deep hands-on experience with attacker behavior and enterprise environments.


Apply detection-as-code principles: version detection logic in Git, test in CI/CD pipelines, and deploy through automated workflows, including the use of Terraform, Sigma, Yara, and platform-specific query languages.


Map detection coverage to MITRE ATT&CK and maintain a living detection coverage matrix; identify and close gaps proactively.


Translate threat intelligence reports, red team findings, and incident post-mortems into actionable detection logic.


Manage signal-to-noise ratio across detection platforms through iterative rule logic refinement, suppression tuning, and threshold calibration, with the goal of maximizing automated fidelity and reducing analyst intervention.

SOAR, Automation & Response Orchestration


Design and build automated response playbooks and enrichment workflows using SOAR platforms, enabling the system to triage, enrich, and respond to high-confidence alert classes without manual analyst intervention.


Integrate SOAR with SIEM, EDR, threat intelligence platforms, ticketing systems, and cloud APIs via REST APIs and custom connectors.


Build tooling and scripts to accelerate the development of detection pipelines, log parsing, data normalization, and context enrichment.


Evaluate, configure, and optimize AI/ML-assisted triage capabilities; serve as the human-in-the-loop auditor validating AI-generated investigation narratives.


Maintain operational documentation, including runbooks, playbook logic diagrams, and integration dependency maps.

On-Call & Alert Operations


Participate in a rotating on-call schedule. During on-call weeks, primary responsibilities shift to triaging and reviewing incoming alerts, assessing events for incident response action, and tuning out false positive content to maintain alert fidelity. Ad hoc compliance requests will regularly interrupt planned work — this is expected and should be prioritized accordingly.

Incident Response & Threat Hunting


Serve as an escalation point for complex or novel security incidents, performing a deep-dive investigation across endpoint, network, identity, and cloud telemetry.


Contribute to the full incident response lifecycle: detection, analysis, containment, eradication, recovery, and lessons-learned documentation.


As part of the team's rotating duty, lead incident responses as the incident commander as needed, coordinating response activities across internal teams, vendors, and executive stakeholders with clarity and authority following established playbooks and structured approaches.


Conduct hypothesis-driven threat hunts using behavioral analytics, anomaly detection, and adversary TTP modeling.


Collaborate with team exercises to validate detection and response effectiveness; incorporate findings into the detection backlog.

Collaboration, Compliance & Continuous Improvement


Collect, organize, and present evidence of incident response lifecycle activities to support client due diligence requests and audits.


Contribute to security metrics reporting for leadership, providing timely and accurate measures such as case statistics, detection coverage, MTTD/MTTR, and TPR/FPR trends.


Collaborate with risk management and regulatory compliance to align detection and response capabilities with regulatory requirements and control frameworks relevant to financial services.


Perform other duties as assigned

Physical Demands:


While performing the duties of this Job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear


Specific vision abilities required by this job include close vision


Ability to occasionally lift/move up to 25 pounds


Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.


Other physical activities may be required to support business operations.

Position Specifications

Education


Associate degree in Computer Science, Management Information Systems, Information Assurance, Information Security, Cybersecurity, or related field required; or equivalent self-study with demonstrated command of the knowledge, skills, and abilities outlined in this job description.


Certifications preferred: GCIH, GCIA, GCDA, GSOC, or similar detection engineering and incident response- focused credentials.

Experience

Required:


Five (5) years of experience in a relevant technology domain, including software engineering, information technology, systems administration, or information assurance required.


Five (5) years of demonstrated experience in detection engineering, security operations, or threat detection as a detection engineer, security engineer, high-tier SOC analyst, or similar role required.


Proven hands-on experience with SIEM platforms (e.g., Elastic Security, or similar), including writing and tuning detection rules.


Hands-on experience building and maintaining playbooks in at least one SOAR platform (e.g., Tines, or similar).


​​Demonstrated experience using AI-assisted development tools (e.g., Claude Code, Codex CLI, or similar) in a professional engineering or security workflow is required.


Experience with Git-based detection-as-code workflows, including version-controlled detection rules, test- driven development, and automated deployment, is required.


Experience leading or commanding security incident response efforts, including cross-functional coordination and stakeholder communication during active incidents, is required.


Experience with Amazon Web Services operational environments and related security offerings (e.g., GuardDuty, Inspector, Security Hub, and Security Lake) is required.

Preferred:


Hands-on experience with specific tooling in our stack: Uptycs, TheHive, SentinelOne.


Familiarity with fintech or banking security environments, including PCI-DSS compliance context.

Knowledge, Skills, & Abilities


Working proficiency with AI-assisted development tools (e.g., Claude Code, Codex CLI, or similar) is required. Candidates must demonstrate the ability to integrate these tools into day-to-day detection engineering and scripting workflows — including generating, reviewing, and iterating on AI-assisted code as part of a collaborative team environment.


Working proficiency in Python and shell scripting.


Deep working knowledge of MITRE ATT&CK techniques and tactics, the ‘Cyber Kill Chain’, and the ‘Pyramid of Pain’; ability to map adversary TTPs to detection strategies.


Deep technical knowledge of detection engineering principles, detection-as-code practices, SIEM architecture, and SOC operations in cloud-hosted environments.


Strong hands-on experience with SOAR platforms and the ability to design, build, and maintain automated enrichment and response workflows.


Strong hands-on experience with endpoint detection and response (EDR) tools, such as SentinelOne and Uptycs.


Engineering fluency with Git-based workflows: version control, branching strategies, pull request reviews, and CI/CD pipeline integration for detection content.


Strong understanding of cloud security principles, including containerization, orchestration, and IAM/KMS.


Ability to query and sift through large volumes of security-related data to surface critical events of interest and meaningful insights and trends.


Ability to prioritize under pressure, exercise sound independent judgment, and maintain confidentiality with sensitive information.


Calm, decisive approach with appropriate urgency and command authority during active security events.


Strong communication, interpersonal, and presentation skills, with the ability to convey technical findings clearly to both technical and non-technical audiences.


Ability to work remotely while maintaining high productivity, collaboration, and effectiveness with minimal supervision.


Strong drive to continuously improve detection fidelity, automation coverage, response speed, and overall security posture in a rapidly evolving field.


Must be able to pass required background checks to access sensitive information.

Travel


Minimal, generally 12 days or less per year; approximately 2 team on-site meetings per year.


LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.

Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis, in accordance with applicable law.

For more information, visit lumindigital.com.

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply