
Senior Detection Engineer

Job in Berkeley, St. Louis County, Missouri, USA
Listing for: Centene Corporation
Full Time position
Listed on 2026-02-12
Job specializations:
  • IT/Tech
    Systems Engineer, Cybersecurity
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.

Position Purpose

Centene’s Detection Engineering team drives threat‑informed defense by designing, implementing, and continuously improving high‑fidelity detections across endpoint, identity, network, cloud, and SaaS telemetry. As a Senior Detection Engineer, you will lead complex detection initiatives, architect coverage strategies, and mentor engineers while partnering closely with SOC/CSMT, CSIRT, Threat Intelligence, and platform owners. Your work will measurably reduce risk and alert fatigue through high‑quality analytics, detection‑as‑code practices, and compelling operational outcomes.

Design & Delivery
  • Own end‑to‑end development of multi‑signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL)
  • Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle‑tested analytics; convert vetted Sigma rules to SPL/KQL where applicable
Detection‑as‑Code & Quality
  • Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise
  • Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations
Coverage Strategy & Telemetry
  • Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps
  • Partner with platform teams to improve data prerequisites (tables, fields, latency) and ensure telemetry health and resilience
Operations & Collaboration
  • Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple‑team validations
  • Build tabletop exercises/training for analysts; advise on automation opportunities across SOC/IR workflows
Leadership & Mentorship
  • Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs
  • Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer
Success Indicators
  • Signal quality: detection precision/recall, FP rate, MTTD improvements
  • Coverage depth: ATT&CK technique coverage and telemetry readiness across key domains
  • Operational impact: validated detections adopted by SOC/IR, reduction in alert fatigue, hunts‑to‑detections conversion rate
  • Content velocity & hygiene: time‑to‑deliver new analytics, documentation completeness, CI pipeline health
  • Mentorship & enablement: growth of DE I/II competencies, quality of peer reviews, training outcomes
  • Performs other duties as assigned
  • Complies with all policies and standards
Education/Experience

A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and 4 – 6 years of related experience, or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

Technical Skills
  • 3+ years in information security with hands‑on detection engineering (or SOC/IR roles with demonstrated analytics creation)
  • Proficiency in SPL, KQL, and one of IQL/Databricks SQL for multi‑event correlation, enrichment, and replay
  • Demonstrated experience turning IOCs/TTPs into durable analytics; strong ATT&CK fluency and coverage planning
  • Practical detection‑as‑code habits: versioning, change control, backtesting, suppression strategy, CI/CD familiarity
  • Ability to partner with SOC/CSIRT/Threat Intel; communicate trade‑offs clearly and drive measurable outcomes
Preferred Qualifications
  • Experience integrating detections with Wiz and Varonis contexts (identity/data exposure)
  • Prior work in purple teaming and/or running detection validation exercises
  • Familiarity with cloud telemetry (Azure, Entra, MDE) and…
Position Requirements
10+ Years work experience