ZipRecruiter

Log In

1

Siem Detection Engineer Jobs (NOW HIRING)

Lumin Digital

Detection Engineer

Charleston, WV ยท Remote

Detection Engineering * Design, develop, tune, and maintain high-fidelity detection logic ... Integrate SOAR with SIEM, EDR, threat intelligence platforms, ticketing systems, and cloud APIs via ...

Lumin Digital

Detection Engineer

Detection Engineering * Design, develop, tune, and maintain high-fidelity detection logic ... Integrate SOAR with SIEM, EDR, threat intelligence platforms, ticketing systems, and cloud APIs via ...

Datavant

Detection Engineer

New York, NY

$124K - $155K/yr

... join our Detection Engineering team. This role is responsible for designing, building, and ... Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP ...

Datavant

Detection Engineer

$124K - $155K/yr

... join our Detection Engineering team. This role is responsible for designing, building, and ... Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP ...

Leidos

Threat Detection Engineer

Arlington, VA ยท On-site

$131.30K - $237.35K/yr

Threat Detection Engineering plays a crucial role in defending an organization by building ... Strong expertise in SIEM platforms and familiarity with query languages (e.g. SPL, KQL)

Ciena

Product Security Detection Engineer

Hanover, MD

$76.60K - $122.40K/yr

This role is ideal for someone with strong experience in security engineering, telemetry, SIEM ... Lead the design and implementation of Ciena's Detection Engineering framework, covering logging ...

Leidos

Threat Detection Engineer

Arlington, VA

$131.30K - $237.35K/yr

Threat Detection Engineering plays a crucial role in defending an organization by building ... Strong expertise in SIEM platforms and familiarity with query languages (e.g. SPL, KQL)

Chainalysis

Staff Threat Detection Engineer

$175K - $240K/yr

The Detection and Response Engineering (DaRE) team protects Chainalysis corporate assets and ... Design and maintain scalable detection logic across SIEM, EDR, and cloud logging platforms (AWS/GCP)

McKesson

Lead Threat Detection Engineer

Irving, TX ยท On-site +1

$139K - $231.60K/yr

Splunk SPL knowledge and SIEM experience or additional SIEM background Following Qualifications ... detection engineering, data engineering, incident response, threat hunting, threat intelligence.

Cymertek

SIEM Engineer

Reston, VA ยท On-site

SIEM Engineer LOCATIONReston, VA 20190 CLEARANCETS/SCI Full Poly (Please note this position ... Understanding of threat detection * Familiarity with security protocols * Ability to develop ...

next page

Showing results 1-20

People also search for

All JobsSiem Detection Engineer Jobs

Siem Detection Engineer information

See salary details

$25

$53

$76

How much do siem detection engineer jobs pay per hour?

As of May 29, 2026, the average hourly pay for siem detection engineer in the United States is $53.63, according to ZipRecruiter salary data. Most workers in this role earn between $43.27 and $62.26 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a SIEM Detection Engineer, and why are they important?

To thrive as a SIEM Detection Engineer, you need a strong background in cybersecurity, expertise in threat analysis, and experience with SIEM platforms, typically supported by a degree in computer science or related field and industry certifications like CISSP or GIAC. Mastery of tools such as Splunk, QRadar, or ArcSight, and scripting languages like Python or PowerShell, is commonly required. Analytical thinking, attention to detail, and effective communication are crucial soft skills for investigating incidents and collaborating with teams. These skills ensure proactive threat detection, rapid incident response, and the overall security of an organization's IT infrastructure.

What are some common challenges faced by SIEM Detection Engineers when tuning detection rules, and how can they address them?

SIEM Detection Engineers often face challenges such as minimizing false positives, adapting to evolving threats, and ensuring detection rules remain relevant as the organization's environment changes. To address these challenges, engineers regularly review and refine correlation rules based on incident feedback, collaborate closely with SOC analysts and threat intelligence teams, and stay updated on emerging attack techniques. Continuous testing and validation of rules, as well as leveraging automation where possible, are key practices to maintain effective and actionable alerts.

What is a SIEM Detection Engineer?

A SIEM Detection Engineer is a cybersecurity professional responsible for designing, implementing, and maintaining Security Information and Event Management (SIEM) systems. They create and fine-tune detection rules to identify suspicious activities and potential threats within an organization's IT environment. Their role involves analyzing security logs, developing automated alerts, and collaborating with incident response teams to ensure rapid detection and response to security incidents. By continuously updating detection mechanisms, they help protect organizations from evolving cyber threats.

What is the difference between Siem Detection Engineer vs Security Analyst?

AspectSiem Detection EngineerSecurity Analyst
CertificationsCompTIA Security+, CEH, CISSP (preferred)CompTIA Security+, CEH, CISSP (preferred)
Work EnvironmentFocus on SIEM tools, log analysis, threat detectionBroader security monitoring, incident response, policy enforcement
Employer & Industry UsageIT security teams, cybersecurity firms, large enterprisesIT departments, security operations centers, government agencies

While both roles involve cybersecurity, a Siem Detection Engineer specializes in configuring and managing SIEM systems for threat detection, whereas a Security Analyst has a broader focus on monitoring security events, analyzing incidents, and implementing security policies. The roles often overlap but differ in scope and technical focus.

More about Siem Detection Engineer jobs
What cities are hiring for Siem Detection Engineer jobs? Cities with the most Siem Detection Engineer job openings:
What states have the most Siem Detection Engineer jobs? States with the most job openings for Siem Detection Engineer jobs include:
What job categories do people searching Siem Detection Engineer jobs look for? The top searched job categories for Siem Detection Engineer jobs are:
Siem Detection Engineer jobs near you
Infographic showing various Siem Detection Engineer job openings in the United States as of May 2026, with employment types broken down into 8% Internship, 3% As Needed, 51% Full Time, 28% Part Time, 6% Temporary, and 4% Contract. Highlights an 95% Physical, and 5% Hybrid job distribution, with an average salary of $111,552 per year, or $53.6 per hour.
AOUSC - Detection Engineering Lead

AOUSC - Detection Engineering Lead

cFocus Software Incorporated

Washington, DC โ€ข On-site

$116.10K - $152.90K/yr

Full-time

Posted 7 days ago

Job description

cFocus Software seeks a Detection Engineering Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is Hybrid with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years within IR in a large SOC (over 5,000 endpoints) with at least 3 years focused on proactive detection engineering, threat hunt, or adversary emulation.
  • 3+ years of experience with demonstrated proficiency in forming hypothesis, querying large datasets and identifying APT behavior.
  • 2+ years' experience with demonstrated proficiency in scripting languages including Python and PowerShell to develop new tools.
  • 2+ years' experience with demonstrated proficiency developing detections in a SIEM (utilizing Splunk ES or Microsoft Sentinel).
  • This role most closely aligns with the NICE work role PD-WRL-006 (Threat Analysis).
  • Active OSCP or GXPN certification

Duties:
  • Lead Detection Engineering operations supporting AOUSC Security Operations Division (SOD) mission objectives and defensive cybersecurity operations.
  • Provide full lifecycle support for cybersecurity detection engineering activities, including research, testing, implementation, tuning, deployment, and maintenance of detection capabilities.
  • Research emerging cyber threats, adversary capabilities, attack methodologies, and Tactics, Techniques, and Procedures (TTPs) to improve detection coverage and SOC visibility.
  • Develop, test, validate, and deploy new SIEM detection signatures, analytics, rules, and workflows to enhance threat detection capabilities and minimize analyst burden.
  • Maintain and manage the Risk Based Alerting (RBA) framework within the Judiciary SIEM environment to ensure effective detection of risky or malicious activity.
  • Coordinate weekly meetings with SOC analysts and stakeholders to review alert performance, analyst feedback, false positives, and detection tuning requirements.
  • Analyze all false positive alerts to determine necessary tuning, whitelisting, suppression logic, and gaps in security monitoring or analytics.
  • Develop and maintain detailed documentation for all detection engineering changes, configuration updates, rule logic, workflows, and implementation procedures.
  • Coordinate with Threat Hunting, Cyber Threat Intelligence (CTI), Cybersecurity Triage, Incident Response, and Blue Team personnel to operationalize intelligence-driven detections.
  • Develop new alerts and detections in response to emerging cybersecurity threats, active vulnerabilities, malicious campaigns, and government-directed priorities.
  • Ensure critical vulnerability-related detections are deployed within required service level timelines, including 24-hour implementation for critical severity alerts.
  • Conduct analysis and validation of new alerts from security devices and external telemetry sources to determine operational impact, detection value, and analyst workflow considerations.
  • Track all detection engineering changes, modifications, additions, and removals through Jira stories and established Agile workflows.
  • Develop weekly operational reports summarizing security events, alert dispositions, workforce metrics, tuning activities, detection improvements, and outstanding issues.
  • Document and maintain all detection framework changes within configuration files, knowledge management portals, and operational repositories.
  • Support development and implementation of detection engineering execution plans aligned to AOUSC operational priorities, organizational risks, and emerging threat vectors.
  • Provide recommendations for improving telemetry collection, log visibility, event correlation, and security monitoring effectiveness across Judiciary systems and cloud environments.
  • Collaborate with Blue Team personnel to improve detection coverage associated with Red Team findings, adversary emulation, and cyber exercises.
  • Prepare and deliver technical briefings, operational status reports, executive summaries, and stakeholder presentations.
  • Support transition-in, transition-out, operational readiness, and knowledge transfer activities in accordance with AOUSC requirements.

Apply