Detection Engineer

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.

• 2025 Great Place to Work Certified
• 2024 Military Times Best for Vets Employers
• 2024 US Department of Labor Hire Vets Gold Award
• 2024 Forbes' America's Best Startup Employers
• 2024 Cyber Defense Magazine, Global Infosec Awards
• 2023 Fortress Cybersecurity Award
• 2023 $ 180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
• 2022 Cybersecurity Excellence Award for MDR

Reports to:

Senior Manager Threat Detection & Research

Hybrid Tampa, FL or Remote

While proximity to Tampa is preferred to support a hybrid schedule in our Tampa Center of Excellence, we’re open to remote candidates who can support the Eastern Time Zone.

• Develop and document new Detection Capabilities for customer environments
• Work with customers to develop a comprehensive strategy for effective detections
  • Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
  • Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
  • Confidently prioritize log sources for ingestion and enablement
• Evaluate current monitoring and detection capabilities to identify areas for improvement
  • Conduct Detection Gap Analyses
• Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
  • Detection Enablement
  • Detection Effectiveness (Tuning, Validation, etc.)
  • Detection Creation
• Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
• Ensure ingested log sources conform to CIM standards

• Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
• Experience working and querying SIEM tools or other log-based data preferably Splunk
• Experience in engineering event detection & response tuning
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Up-to-date with engineering best practices, security technology trends, tools, and frameworks
• Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
• Able to both investigate and create security rules in at least 1 SIEM
• Understanding of general enterprise network architecture and security incident response
• Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
• Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
• Ability to communicate and document technical information effectively towards various audience

The anticipated salary range for this role is $94,500 - $118,700 plus stock options and benefits. Actual compensation may vary from posted hiring range based on geographic location, work experience, education, and/or skill level.

• A citizen of the U.S.;
• A lawful permanent resident of the United States;
• A person admitted to the United States as a refugee; or
• A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify…