Cyber Defense – Defense Engineering Service Lead

Position Summary

Zoetis is seeking a Defense Engineering Service Lead, you will lead hands‑on detection engineering and Security Operations Center (SOC) operations to rapidly identify, contain, and resolve security threats for enterprise clients. Your expertise in MITRE ATT&CK, adversary tradecraft, and security technologies (SIEM, EDR, NDR) will drive the creation and tuning of high‑quality detections, complex investigations, and proactive threat hunting. You’ll automate response playbooks and integrate tools to build a cohesive defense ecosystem, partnering closely with cross‑functional teams to improve signal fidelity, reduce false positives, and accelerate detection and response.

In addition, you will mentor analysts, manage client relationships, and ensure programs meet industry frameworks and compliance standards, delivering operational excellence in a fast‑paced environment.

• Manage Log Ingestion and Data Normalization: Oversee the onboarding and integration of log sources across enterprise environments, ensuring reliable data ingestion, parsing, and enrichment. Maintain adherence to a Common Information Model (CIM) to standardize event fields, promote interoperability among security tools, and maximize detection fidelity and coverage.
• Engineering & Automation: Design, develop, and maintain incident response playbooks, orchestrations, and automation for rapid response and evidence collection. Integrate and script security tools to create an efficient, cohesive, and automated defense ecosystem. Continually optimize detection logic and playbooks based on ongoing threat intelligence and operational feedback.
• Threat Hunting & Readiness: Lead hypothesis‑driven threat hunting across endpoints, identity, network, and cloud infrastructure to uncover unknown threats. Conduct continuous detection QA and tuning to enhance signal fidelity, reduce false positives, and improve analyst efficiency. Stay current on evolving threats, leveraging new detection and hunting methodologies as needed.
• Incident Response & Purple Teaming: Serve as a hands‑on incident responder, focusing on rapid containment and translating lessons learned into improved detections and processes. Partner with Red Team and IR colleagues on purple team exercises to validate detection coverage and address identified gaps.
• Metrics & Continuous Improvement: Develop, track, and report on detection metrics (coverage, fidelity, alert volumes, MTTA, MTTR) and use data‑driven insights to inform backlog and roadmap priorities. Lead post‑incident reviews and drive continuous improvement initiatives for the detection and response program.
• Mentorship & Leadership: Mentor, coach, and manage SOC analysts and detection engineers, providing guidance on triage techniques, detection logic, threat hunting, and automation while supporting career growth and development. Lead team performance by setting clear expectations and goals, monitoring outcomes, delivering regular feedback, and conducting performance reviews and improvement plans as needed. Foster a culture of excellence, knowledge sharing, and continuous learning through training, enablement, and cross‑functional collaboration.
• Strategic & Client Partnership: Guide clients in building and maturing cyber defense and detection programs aligned with industry frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, PCI‑DSS). Communicate complex technical and operational issues effectively with both technical teams and executive stakeholders.

• Education:
  
  Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or relevant professional experience.
• 5+years hands‑on experience or equivalent demonstrated proficiency building/maintaining automation using Python and REST APIs in production environments.
• 8+years hands‑on experience or equivalent depth of expertise in SOC operations, with emphasis on incident response, detection engineering, and security automation.

• GSEC (GIAC Security Essentials)
• GCIH (GIAC Certified Incident Handler)
• GCIA (GIAC Certified Intrusion Analyst)
• GSOC (GIAC Security Operations Certification)
• GCED…