Detection Engineer
Listed on 2026-05-19
IT/Tech
Cybersecurity
Datavant is the data collaboration platform trusted for healthcare. Guided by our mission to make the world’s health data secure, accessible and actionable, we provide critical data solutions for organizations across the healthcare ecosystem - including providers, health plans, researchers, and life sciences companies. From fulfilling a single patient’s request for their medical records to powering the AI revolution in healthcare, Datavants are building the future of how data is connected and used to improve health.
By joining Datavant today, you’re stepping onto a driven and highly collaborative team that is passionate about creating transformative change in healthcare.
What We’re Looking For
We are seeking a highly skilled Detection Engineer to join our Detection Engineering team. This role is responsible for designing, building, and continuously improving detection capabilities across our security stack. You will play a critical role in identifying threats, reducing risk, and enabling rapid response through high-fidelity detections and strong collaboration with Security Operations and Incident Response teams.
What You Will Do
- Design, develop, and maintain detection logic across endpoint, network, and cloud environments
- Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP solutions
- Leverage Cyberhaven to build and enhance data exfiltration and insider risk detections
- Analyze logs and telemetry to identify attack patterns, anomalies, and emerging threats
- Continuously improve detection quality by reducing false positives and increasing signal fidelity
- Partner with Incident Response and Security Operations to investigate alerts and refine detection strategies
- Develop and document detection use cases, playbooks, and workflows
- Stay current with adversary tactics, techniques, and procedures (TTPs) and translate them into actionable detections
- Contribute to detection automation and engineering initiatives to improve scalability and efficiency
- Strong experience with Data Loss Prevention (DLP) tools and workflows such as Cyberhaven and Microsoft Purview
- Experience with CrowdStrike and Zscaler (or comparable EDR and network security platforms)
- Deep understanding of Windows event logs and other investigation-relevant artifacts
- Experience working with SIEM platforms, log management systems, and endpoint security tools
- Strong analytical and critical thinking skills with exceptional attention to detail
- Ability to investigate complex security events and translate findings into detection improvements
- Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts
- Strong interpersonal skills and the ability to collaborate effectively across security, IT, and engineering teams
- Self-driven with a continuous improvement mindset
- Experience building detections mapped to frameworks such as MITRE ATT&CK
- Familiarity with scripting or query languages (e.g., Python, KQL, SPL, SQL)
- Experience with insider threat or data exfiltration detection strategies
- Background in threat hunting or incident response
- Compensation range: $124,000 — $155,000 USD
- High-growth, high-performance environment rewarding health technology innovation.
We are proud to be an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.