
Siem Detection Engineer Jobs (NOW HIRING)

Senior SIEM Detection Engineer

Chicago, IL

$118K - $161.90K/yr

The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high-fidelity detection content within our cloud-based SIEM solutions, and for driving ...

$106K - $145.30K/yr

The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high-fidelity detection content within our cloud-based SIEM solutions, and for driving ...

Senior SIEM Detection Engineer

Charleston, WV · Remote

$117.20K - $160.70K/yr

The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high-fidelity detection content within our cloud-based SIEM solutions, and for driving ...

SIEM Infrastructure and Detection Engineer

Portland, OR · On-site +1

$151.70K/yr

The SIEM Infrastructure and Detection Engineer supports a federal energy sector cybersecurity program by engineering, maintaining, and optimizing the SIEM infrastructure and security monitoring ...

SIEM Content Developer, VP

Irving, TX · On-site

$118.10K - $122.90K/yr

Key Responsibilities SIEM Detection Engineering * Lead the design, development, testing, deployment, tuning, and optimization of advanced SIEM content within Splunk Enterprise Security. * Develop ...

Develop custom detection logic across SIEM, EDR, and other security tooling within a cutting-edge technology stack. * Leverage threat modeling, detection engineering frameworks, and other creative ...

Experience working and querying SIEM tools or other log-based data preferably Splunk * Experience in engineering event detection & response tuning * Ability to engineer creative, scalable, and out-of ...

Detection Engineer

Herndon, VA · On-site

$66K - $106K/yr

Develop and maintain detection logic across SIEM, IDS/IPS, endpoint, and OT/DCI monitoring ... Coordinate with data engineers to ensure ingestion, normalization, and field mappings for high ...

How much do SIEM Detection Engineer jobs pay per hour?

As of May 28, 2026, the average hourly pay for a SIEM Detection Engineer in the United States is $53.63, according to ZipRecruiter salary data. Most workers in this role earn between $43.27 and $62.26 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a SIEM Detection Engineer, and why are they important?

To thrive as a SIEM Detection Engineer, you need a strong background in cybersecurity, expertise in threat analysis, and experience with SIEM platforms, typically supported by a degree in computer science or related field and industry certifications like CISSP or GIAC. Mastery of tools such as Splunk, QRadar, or ArcSight, and scripting languages like Python or PowerShell, is commonly required. Analytical thinking, attention to detail, and effective communication are crucial soft skills for investigating incidents and collaborating with teams. These skills ensure proactive threat detection, rapid incident response, and the overall security of an organization's IT infrastructure.

What are some common challenges faced by SIEM Detection Engineers when tuning detection rules, and how can they address them?

SIEM Detection Engineers often face challenges such as minimizing false positives, adapting to evolving threats, and ensuring detection rules remain relevant as the organization's environment changes. To address these challenges, engineers regularly review and refine correlation rules based on incident feedback, collaborate closely with SOC analysts and threat intelligence teams, and stay updated on emerging attack techniques. Continuous testing and validation of rules, as well as leveraging automation where possible, are key practices to maintain effective and actionable alerts.

What is a SIEM Detection Engineer?

A SIEM Detection Engineer is a cybersecurity professional responsible for designing, implementing, and maintaining Security Information and Event Management (SIEM) systems. They create and fine-tune detection rules to identify suspicious activities and potential threats within an organization's IT environment. Their role involves analyzing security logs, developing automated alerts, and collaborating with incident response teams to ensure rapid detection and response to security incidents. By continuously updating detection mechanisms, they help protect organizations from evolving cyber threats.

What is the difference between a SIEM Detection Engineer and a Security Analyst?

| Aspect | SIEM Detection Engineer | Security Analyst |
|---|---|---|
| Certifications | CompTIA Security+, CEH, CISSP (preferred) | CompTIA Security+, CEH, CISSP (preferred) |
| Work Environment | Focus on SIEM tools, log analysis, threat detection | Broader security monitoring, incident response, policy enforcement |
| Employer & Industry Usage | IT security teams, cybersecurity firms, large enterprises | IT departments, security operations centers, government agencies |

While both roles involve cybersecurity, a SIEM Detection Engineer specializes in configuring and managing SIEM systems for threat detection, whereas a Security Analyst has a broader focus on monitoring security events, analyzing incidents, and implementing security policies. The roles often overlap but differ in scope and technical focus.

More about SIEM Detection Engineer jobs
Infographic showing various SIEM Detection Engineer job openings in the United States as of May 2026, with employment types broken down into 8% Internship, 3% As Needed, 51% Full Time, 28% Part Time, 6% Temporary, and 4% Contract. Highlights a 95% Physical and 5% Hybrid job distribution, with an average salary of $111,552 per year, or $53.6 per hour.
Senior SIEM Detection Engineer

AHEAD

Chicago, IL

$118K - $161.90K/yr

Other

Medical, Dental, Vision, Retirement, PTO

Posted 22 days ago


Job description

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

The Managed Security Team at AHEAD monitors client environments and performs incident detection, validation, and reporting. The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high-fidelity detection content within our cloud-based SIEM solutions, and for driving continuous improvement of AHEAD's Managed Security detection capabilities across all clients.

This is a technical, hands-on position that requires a strong understanding of the needs of a 24/7 Security Operations Center (SOC). We are looking for a candidate with deep SIEM, security operations, and detection engineering experience who will work closely with the Managed Security staff and other highly technical teams, both within AHEAD and in client environments, to continuously improve and enhance AHEAD's Managed Security SIEM detection strategy, rules, and content.

The ideal candidate possesses strong technical and analytical skills and can provide accurate analysis of security-related problems. They have a well-rounded networking and infrastructure background and are responsible for troubleshooting detection- and data-related issues in client environments. This individual is user-focused and works to resolve client needs in a timely manner. These needs may involve improving or tuning detections, investigating and responding to security threats, and making change requests to security policies and data collection configurations.

The Sr SIEM Detection Engineer is responsible for the day-to-day management and evolution of SIEM detection content used by the Managed Security Team to monitor client environments and detect security threats, including: data ingestion and normalization strategy, enrichment design, detection use case creation and tuning, alert quality and noise reduction, and detection performance monitoring. The Sr SIEM Detection Engineer is expected to be familiar with a wide range of security tools and understand core security detection and threat analysis fundamentals.

Roles and Responsibilities
  • Lead and perform detection content development within the SIEM platform (Elastic, Palo XSIAM, CrowdStrike), including:
    • Creation, tuning, and lifecycle management of detection rules, correlation rules, and analytic stories/use cases
    • Definition and maintenance of data models, normalization, and enrichment required to support high-quality detections
    • Mapping detections to frameworks such as MITRE ATT&CK where applicable
    • Identifying gaps in detection coverage based on incident trends, threat intelligence, and hunt activities
    • Reducing false positives and improving the alert signal-to-noise ratio through iterative tuning
    • Translating playbooks and incident response workflows into robust, testable detections
  • Monitor and manage the health and performance of SIEM detection content, including:
    • Tracking detection firing patterns, volumes, and performance impact.
    • Conducting post-incident reviews to refine detections and create new coverage.
    • Ensuring detections remain aligned with client use cases, risk profiles, and contracted scope.
    • Ensuring new and existing detections are prioritized based on risk, impact, and available data
  • Partner with AHEAD Managed Security and client resources in the design and implementation of new data visualizations and detection rules, including:
    • Building dashboards, visualizations, and investigative views that support triage and hunting
  • Collaborate with AHEAD Managed Security SOAR (Swimlane) engineering resources to:
    • Integrate SIEM detections with SOAR workflows for enrichment, triage, and response
    • Continuously improve incident investigation workflows and automation quality based on detection output
  • Engage with client security and IT infrastructure teams for new data source onboarding activities, including:
    • Defining logging, parsing, normalization, and enrichment requirements to support current and planned detections
    • Validating that ingested data is complete, normalized, and usable for detection engineering
  • Tune rules, filters, and policies across SIEM and related security technologies (IDS, EDR, firewalls, etc.) to:
    • Improve accuracy, visibility, and coverage while minimizing noise
    • Ensure consistent correlation and context across multiple technologies
  • Perform data mining and exploratory analysis of log sources to:
    • Uncover and investigate anomalous activity and potential undetected attack patterns
    • Identify new detection opportunities and support proactive threat hunting
  • Assist with the development and improvement of processes and procedures for:
    • Detection lifecycle management (design, testing, deployment, monitoring, retirement)
    • Improving incident response times, incident quality, and overall Managed Security functions
  • Participate in client-facing security meetings to:
    • Explain detection strategy, coverage, and improvements
Position Requirements
  • Experience with Elastic Security and its core components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent), with a focus on detection engineering, rule creation, and data modeling
  • Strong SIEM administration and configuration experience, particularly around detection use cases, correlation logic, and alert workflows
  • Experience writing tools or scripts to automate detection-related tasks, data quality checks, and integrations in Python or similar languages
  • Demonstrated ability to think creatively and build elegant detection solutions to complex security problems
  • Excellent verbal and written communication skills, including the ability to communicate detection logic and findings to both technical and non-technical stakeholders
  • Incident handling/response experience, with a focus on using detections to support and improve IR workflows
  • Desire to work both independently and collaboratively with a larger managed services and client team
  • A strong appetite for learning, experimentation, and continuous improvement in detection engineering
  • 2-4 years of experience in Security Detection Engineering, Security Automation, or related disciplines
  • Hands-on experience with common security technologies: IDS, Firewall, SIEM, SOAR, EDR, endpoint and network security tools
  • Knowledge of common security analysis tools & techniques, including log analysis, correlation, and anomaly detection
  • Understanding of common security threats, attack vectors, vulnerabilities, and exploits, and how they manifest in telemetry
  • Strong regular expression skills and familiarity with query languages used in SIEM platforms
  • Customer-service focused, projecting energy, professionalism, and a welcoming manner
  • Strong ability to work in a highly sensitive and confidential environment
  • Ability to meet deadlines and perform effectively under pressure
  • Ability to identify issues and help develop strategic and tactical plans for Managed Security and detection-related initiatives
  • Ability to use good judgment and decision-making skills in ambiguous or complex detection and incident scenarios
Education and Certifications
  • Bachelor's Degree in Computer Science, Information Security, or related/equivalent educational or work experience
  • One or more of the following certifications is preferred: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer
The compensation range indicated in this posting reflects the On-Target Earnings ("OTE") for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate's relevant experience, qualifications, and geographic location.
Why AHEAD:
Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.
We fuel growth by stocking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross-department training and development, and by sponsoring certifications and credentials for continued learning.
USA Employment Benefits include:
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.
Use of AI:
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.
If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at privacy@ahead.com.
You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt-out.