1

Siem Detection Engineer Jobs (NOW HIRING)

Detection Engineer

Chicago, IL · Hybrid

$100K - $140K/yr

The Security Operations Center is building the data foundation for threat detection-reliable pipelines that land security events in our SIEM platform. This is a software engineering role inside ...

Responsibilities : • Design, engineer, and implement security detection initiatives under the cybersecurity team lead. • Develop new detection logic for SIEM (Microsoft Sentinel) and network ...

Detection Engineer

Chicago, IL · On-site

$100K - $140K/yr

The Security Operations Center is building the data foundation for threat detection-reliable pipelines that land security events in our SIEM platform. This is a software engineering role inside ...

Senior Detection Engineer

San Antonio, TX · On-site

$95K - $130K/yr

Senior Detection Engineer Contract Length: 12+ months Location: Austin or San Antonio, Texas ... The work spans tuning SIEM platforms, sharpening IDS/IPS signatures, dissecting packet captures ...

Senior Detection Engineer #3279

San Antonio, TX · On-site

$94K - $129K/yr

Senior Detection Engineer Contract Length: 12+ months Location: Austin or San Antonio, Texas ... The work spans tuning SIEM platforms, sharpening IDS/IPS signatures, dissecting packet captures ...

Senior SIEM Engineer

$114K - $156K/yr

The Senior SIEM Engineer serves as the technical lead for the design, deployment, tuning, and ... Experience integrating SIEM with SOAR platforms, Endpoint Detection and Response tools, Continuous ...

SIEM Engineer LOCATION Tysons, VA 22182 CLEARANCE TS/SCI Full Poly (Please note this position ... Understanding of threat detection * Familiarity with security protocols * Ability to develop ...

next page

Showing results 1-20

Siem Detection Engineer information

See salary details

$25

$53

$76

How much do siem detection engineer jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for siem detection engineer in the United States is $53.63, according to ZipRecruiter salary data. Most workers in this role earn between $43.27 and $62.26 per hour, depending on experience, location, and employer.

What is the difference between Siem Detection Engineer vs Security Analyst?

AspectSiem Detection EngineerSecurity Analyst
CertificationsCompTIA Security+, CEH, CISSP (preferred)CompTIA Security+, CEH, CISSP (preferred)
Work EnvironmentFocus on SIEM tools, log analysis, threat detectionBroader security monitoring, incident response, policy enforcement
Employer & Industry UsageIT security teams, cybersecurity firms, large enterprisesIT departments, security operations centers, government agencies

While both roles involve cybersecurity, a Siem Detection Engineer specializes in configuring and managing SIEM systems for threat detection, whereas a Security Analyst has a broader focus on monitoring security events, analyzing incidents, and implementing security policies. The roles often overlap but differ in scope and technical focus.

What are some common challenges faced by SIEM Detection Engineers when tuning detection rules, and how can they address them?

SIEM Detection Engineers often face challenges such as minimizing false positives, adapting to evolving threats, and ensuring detection rules remain relevant as the organization's environment changes. To address these challenges, engineers regularly review and refine correlation rules based on incident feedback, collaborate closely with SOC analysts and threat intelligence teams, and stay updated on emerging attack techniques. Continuous testing and validation of rules, as well as leveraging automation where possible, are key practices to maintain effective and actionable alerts.

What is a SIEM Detection Engineer?

A SIEM Detection Engineer is a cybersecurity professional responsible for designing, implementing, and maintaining Security Information and Event Management (SIEM) systems. They create and fine-tune detection rules to identify suspicious activities and potential threats within an organization's IT environment. Their role involves analyzing security logs, developing automated alerts, and collaborating with incident response teams to ensure rapid detection and response to security incidents. By continuously updating detection mechanisms, they help protect organizations from evolving cyber threats.

What are the key skills and qualifications needed to thrive as a SIEM Detection Engineer, and why are they important?

To thrive as a SIEM Detection Engineer, you need a strong background in cybersecurity, expertise in threat analysis, and experience with SIEM platforms, typically supported by a degree in computer science or related field and industry certifications like CISSP or GIAC. Mastery of tools such as Splunk, QRadar, or ArcSight, and scripting languages like Python or PowerShell, is commonly required. Analytical thinking, attention to detail, and effective communication are crucial soft skills for investigating incidents and collaborating with teams. These skills ensure proactive threat detection, rapid incident response, and the overall security of an organization's IT infrastructure.
More about Siem Detection Engineer jobs
What cities are hiring for Siem Detection Engineer jobs? Cities with the most Siem Detection Engineer job openings:
What states have the most Siem Detection Engineer jobs? States with the most job openings for Siem Detection Engineer jobs include:
What job categories do people searching Siem Detection Engineer jobs look for? The top searched job categories for Siem Detection Engineer jobs are:
Infographic showing various Siem Detection Engineer job openings in the United States as of July 2026, with employment types broken down into 93% Full Time, 5% Part Time, and 2% Contract. Highlights an 91% Physical, 2% Hybrid, and 7% Remote job distribution, with an average salary of $111,552 per year, or $53.6 per hour.
SIEM Detection Engineer (DoD TS Clearance)

SIEM Detection Engineer (DoD TS Clearance)

MartinFed

Washington, DC • On-site

Full-time

Posted 4 days ago

New


Job description

COMPANY OVERVIEW
Founded in 2007 in Huntsville, AL, MartinFed provides the U.S. government with customer-focused, performance-based solutions using technology and an empowered workforce as an engine to drive its customers' missions. Our goal is to attract the best and brightest within their field.
We invest in our people because they are our greatest asset. They cultivate our purpose, embody and reflect our core values, and define our culture. MartinFed's core values that set us apart are the following:
  • Be Driven - We are fueled by the hunger to learn more and do more.
  • Be Curious - We engage in continuous improvement - never accepting the status quo.
  • Be Humble - We seek honest feedback to strengthen our relationships.
  • Pursue Excellence - We strive to achieve extraordinary results and do not settle for mediocrity.

Strive for excellence and consider joining our growing team today!
JOB OVERVIEW
The SIEM Detection Engineer is responsible for developing, tuning, and maintaining the detection content that identifies security threats within government agencies. This role owns correlation searches, alerts, and security use cases built in Splunk, aligning detections to frameworks such as MITRE ATT&CK and incorporating threat intelligence. The Detection Engineer works closely with security analysts, threat intelligence teams, and the Data and Platform Engineers to ensure threats are detected accurately and with minimal noise.
Essential Functions:
  • Detection Development
    • Develop and optimize search queries, correlation searches, and alerts in SPL to proactively detect security threats, anomalies, and suspicious behavior.
    • Configure alerts to trigger automated responses or notifications based on predefined criteria.
  • Use Case Development
    • Design and implement security use cases mapped to MITRE ATT&CK and driven by threat intelligence and agency risk priorities.
    • Translate threat scenarios and requirements into actionable, testable detection logic.
  • Alert Tuning and Optimization
    • Tune detections to reduce false positives and alert fatigue while maintaining coverage.
    • Continuously review and refine detection performance against evolving threats.
  • Dashboards and Visualization
    • Design and build dashboards and visualizations that support SOC triage, investigation, and decision-making.
    • Present detection results and metrics in a clear, actionable manner.
  • Threat Detection and Response Support
    • Monitor and analyze security-related events to detect and help respond to potential threats.
    • Support incident response by providing detection context and refining content based on findings.
  • Detection Testing and Validation
    • Test and validate detections against known attack techniques and sample data before deployment.
    • Document detection logic, coverage, and expected outcomes.
  • Collaboration and Documentation
    • Collaborate with security analysts and threat intelligence teams to align detections with operational needs.
    • Maintain documentation and runbooks for detection content and response guidance.

Qualifications:
  • Detection development in SPL: correlation searches, scheduled searches, alerts, and thresholds
  • Security use case design mapped to MITRE ATT&CK
  • Alert tuning and false-positive reduction while maintaining coverage
  • Threat intelligence application and IOC/behavioral detection logic
  • Dashboard and visualization development for SOC triage and investigation
  • Detection testing and validation against known attack techniques and sample data
  • Working knowledge of Splunk Enterprise Security (ES): notable events, risk-based alerting (RBA), and data models
  • Understanding of the incident response lifecycle and SOC workflows
  • Familiarity with adversary tactics, techniques, and common attack patterns across endpoint, network, and cloud

PHYSICAL REQUIREMENTS & ENVIRONMENTAL CONDITIONS
  • Inside office environment.
  • Working on a computer for long periods of time.
  • May involve long period of sitting at a desk.
  • The work environment is fast-paced and sometimes involves extreme deadline pressures.

OTHER DUTIES
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
MartinFed is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. In addition to federal law requirements, MartinFed complies with all applicable state and local laws governing nondiscrimination in all locations.
If you are a qualified individual with a disability or disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access MartinFed's current openings as a result of your disability. You can request reasonable accommodations by calling 855.212.1810. Thank you for your interest in MartinFed.