Overview
On Site
Full Time
Skills
AIM
Pivotal
Digital Asset Management
Dashboard
Workflow
Content Development
Log Analysis
Trend Analysis
Use Cases
Documentation
Collaboration
Mentorship
Threat Analysis
Knowledge Sharing
Training
SIEM
Scripting
Windows PowerShell
Python
JavaScript
Bash
Cloud Security
Microsoft Azure
Amazon Web Services
Google Cloud
Google Cloud Platform
Analytical Skill
Problem Solving
Conflict Resolution
Management
Critical Thinking
Cyber Security
Computer Science
Security Operations
D3.js
CISSP
Information Security
CISM
Information Systems
CISA
Security+
Cloud Computing
GCIH
Intrusion Detection
GCIA
Job Details
Location:
4910 Tiedeman Road - Brooklyn, Ohio 44144
Detection & Automation Engineer
Position Summary
Our Cyber Detection & Automation team rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat centric defense.
As a member of the Cyber Detection & Automation (CDA) team within Key's Cyber Defense function, you will work both independently and under the guidance of Senior Detection & Automation Engineers in the development of detection logic and automation capabilities that enable our mission to Deter, Detect, Deny, and Disrupt adversaries. This role is pivotal in advancing our threat-centric defense posture by engineering high-fidelity detections, orchestrating response workflows.
You will work across SIEM, SOAR, and DAM platforms to build scalable, resilient detection and response capabilities. You'll also collaborate with Cyber Threat Intelligence, Threat Response, and Engineering teams to ensure our detection strategy aligns with evolving adversary tactics and business risk.
Key Responsibilities
Detection Engineering
Design and implement detection-as-code rules, alerts, dashboards, and reports across SIEM and log aggregation platforms.
Translate threat intelligence and adversary TTPs into actionable detection logic using frameworks like MITRE ATT&CK.
Continuously tune detection content to reduce false positives and improve signal fidelity.
Security Automation
Develop and maintain SOAR playbooks to automate triage, enrichment, and response actions.
Identify manual processes suitable for automation and propose solutions to your Senior department leaders to transform the manual processes into orchestrated workflows.
Threat Analysis & Content Development
Perform event correlation and log analysis to validate detection efficacy and identify gaps.
Assist in conducting trend analysis to identify emerging threats and detection opportunities.
Document detection use cases and maintain lifecycle documentation using team standards.
Collaboration & Mentorship
Partner with Cyber Threat Response and Threat Intelligence teams to align detection priorities.
Escalate confirmed or suspected malicious activity with contextual analysis.
Aspire to become a subject matter expert (SME) in selected domain specialties within your team and contribute to team knowledge sharing and training.
Required Qualifications
Technical Expertise
Understanding of cyber defense principles, adversary TTPs, and detection engineering.
Proficiency in SIEM query languages, and industry formats (Sigma, YARA-L, etc)
Working knowledge of scripting languages (PowerShell, Python, JavaScript, Bash)
Experience with SOAR platforms and automation development.
Familiarity with cloud security (Azure, AWS, Google Cloud Platform) and integrating cloud telemetry into detection pipelines.
Operational & Analytical Skills
Strong problem-solving skills and ability to interpret complex log data.
Experience in documenting and managing detection content lifecycle.
Ability to communicate technical concepts to both technical and non-technical audiences.
Ability to perform and apply Critical-Thinking through day-to-day assignments and taskings
Desired Qualifications
Bachelor's degree in Cybersecurity, Computer Science, or related field-or equivalent experience.
Minimum 3+ years in security operations, detection engineering, or threat hunting roles.
Familiarity with the MITRE ATT&CK and D3FEND framework and adversary TTPs.
Preferred Certifications
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
CompTIA Security+
GIAC Certified Detection Analyst (GCDA)
GIAC Cloud Threat Detection (GCTD)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
COMPENSATION AND BENEFITS
TBD
Please click here for a list of benefits for which this position is eligible.
Job Posting Expiration Date: 10/05/2025KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing
4910 Tiedeman Road - Brooklyn, Ohio 44144
Detection & Automation Engineer
Position Summary
Our Cyber Detection & Automation team rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat centric defense.
As a member of the Cyber Detection & Automation (CDA) team within Key's Cyber Defense function, you will work both independently and under the guidance of Senior Detection & Automation Engineers in the development of detection logic and automation capabilities that enable our mission to Deter, Detect, Deny, and Disrupt adversaries. This role is pivotal in advancing our threat-centric defense posture by engineering high-fidelity detections, orchestrating response workflows.
You will work across SIEM, SOAR, and DAM platforms to build scalable, resilient detection and response capabilities. You'll also collaborate with Cyber Threat Intelligence, Threat Response, and Engineering teams to ensure our detection strategy aligns with evolving adversary tactics and business risk.
Key Responsibilities
Detection Engineering
Design and implement detection-as-code rules, alerts, dashboards, and reports across SIEM and log aggregation platforms.
Translate threat intelligence and adversary TTPs into actionable detection logic using frameworks like MITRE ATT&CK.
Continuously tune detection content to reduce false positives and improve signal fidelity.
Security Automation
Develop and maintain SOAR playbooks to automate triage, enrichment, and response actions.
Identify manual processes suitable for automation and propose solutions to your Senior department leaders to transform the manual processes into orchestrated workflows.
Threat Analysis & Content Development
Perform event correlation and log analysis to validate detection efficacy and identify gaps.
Assist in conducting trend analysis to identify emerging threats and detection opportunities.
Document detection use cases and maintain lifecycle documentation using team standards.
Collaboration & Mentorship
Partner with Cyber Threat Response and Threat Intelligence teams to align detection priorities.
Escalate confirmed or suspected malicious activity with contextual analysis.
Aspire to become a subject matter expert (SME) in selected domain specialties within your team and contribute to team knowledge sharing and training.
Required Qualifications
Technical Expertise
Understanding of cyber defense principles, adversary TTPs, and detection engineering.
Proficiency in SIEM query languages, and industry formats (Sigma, YARA-L, etc)
Working knowledge of scripting languages (PowerShell, Python, JavaScript, Bash)
Experience with SOAR platforms and automation development.
Familiarity with cloud security (Azure, AWS, Google Cloud Platform) and integrating cloud telemetry into detection pipelines.
Operational & Analytical Skills
Strong problem-solving skills and ability to interpret complex log data.
Experience in documenting and managing detection content lifecycle.
Ability to communicate technical concepts to both technical and non-technical audiences.
Ability to perform and apply Critical-Thinking through day-to-day assignments and taskings
Desired Qualifications
Bachelor's degree in Cybersecurity, Computer Science, or related field-or equivalent experience.
Minimum 3+ years in security operations, detection engineering, or threat hunting roles.
Familiarity with the MITRE ATT&CK and D3FEND framework and adversary TTPs.
Preferred Certifications
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
CompTIA Security+
GIAC Certified Detection Analyst (GCDA)
GIAC Cloud Threat Detection (GCTD)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
COMPENSATION AND BENEFITS
TBD
Please click here for a list of benefits for which this position is eligible.
Job Posting Expiration Date: 10/05/2025KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.