Genesis10 is currently seeking a Threat Detection Engineer for a contract position located in Charlotte, NC; Chandler, AZ; Minneapolis, MN; or Dallas, TX. This is an 18+ month contract opportunity. Description: - Consult on complex initiatives with broad impact and large-scale planning for Information Security Engineering
- Review and analyze complex multi-faceted, larger scale or longer-term Information Security Engineering challenges that require in-depth evaluation of multiple factors including intangibles or unprecedented factors
- Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables
- Strategically collaborate and consult with client personnel
Requirements: - 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education
- 5+ years in threat detection engineering, security operations, or incident response, with at least 3 years focused on writing and tuning detections
- Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommission)
- Proven experience working in large or complex environments (multi-tenant, multi-cloud, or global enterprises)
Technical Skills - Detection Engineering: - Strong experience writing and tuning detections in:
- SIEM: Splunk (SPL proficiency required; advanced search, macros, data models, scheduled searches, alerting)
- EDR/XDR: CrowdStrike (Falcon platform; custom IOA rules, detection tuning, exclusion logic)
- Microsoft Security: Microsoft Defender for Endpoint / Defender for Cloud Apps; Kusto Query Language (KQL) for Microsoft Sentinel and M365 Defender
- Cloud Platforms: Azure (log analytics, activity logs, Azure AD, Defender for Cloud); Google Cloud Platform (Cloud Logging, Security Command Center, IAM, network telemetry)
- Ability to translate attacker techniques (TTPs) into detection logic across multiple platforms
Threat & Attack Knowledge: - Deep understanding of:
- MITRE ATT&CK (enterprise matrix; TTP coverage, mapping detections to ATT&CK)
- Common adversary tradecraft: phishing, ransomware, lateral movement, privilege escalation, exfiltration, cloud account compromise, identity misuse
- Ability to perform detection gap analysis based on recent threats (e.g., ransomware families, cloud-native attacks, identity-based attacks)
- Familiarity with threat intelligence sources and how to operationalize them into detection content
Detection Fidelity & Quality: - Demonstrated experience measuring and improving detection fidelity (precision/recall, false positive/negative analysis), designing and executing test plans for detections (simulations, red team findings, adversary emulation tools), and using test frameworks (e.g., Atomic Red Team, Caldera, commercial breach & attack simulation) to validate detection coverage
- Experience building and maintaining top talker detection dashboards and metrics, feedback loops with SOC analysts to continuously refine detection logic, and runbooks or playbooks tied to specific detections
Data Engineering & Telemetry Understanding: - Strong grasp of logging and telemetry: Windows event logs, Sysmon, Linux logs; Network telemetry (NetFlow, firewall logs, proxy/DNS); Identity and access logs (Azure AD, Okta, on-prem AD); Cloud-native logs (Azure, Google Cloud Platform, AWS if applicable)
- Ability to assess log quality and coverage, specify data requirements for new or improved detections, and work with platform or infra teams to onboard or normalize new log sources
Engineering & Automation Mindset: - Proficiency in one or more scripting/programming languages (Python, PowerShell, or similar) for detection content automation and building small tools to support detection analysis or enrichment
- Experience with version control and SDLC-like processes for detection content: Git (branching, pull requests, code review); Change management, testing, and staged rollout of new rules
Desired skills: - Familiarity with infrastructure-as-code / configuration-as-code for security tooling
Pay range: $59.53 - $67.53 per hour
Only candidates available and ready to work directly as Genesis10 employees will be considered for this position. If you have the described qualifications and are interested in this exciting opportunity, please apply!
Ranked a Top Staffing Firm in the U.S. by Staffing Industry Analysts for six consecutive years, Genesis10 puts thousands of consultants and employees to work across the United States every year in contract, contract-for-hire, and permanent placement roles. With more than 300 active clients, Genesis10 provides access to many of the Fortune 100 firms and a variety of mid-market organizations across the full spectrum of industry verticals.
For contract roles, Genesis10 offers the benefits listed below. If this is a perm-placement opportunity, our recruiter can talk you through the unique benefits offered for that particular client. Benefits of Working with Genesis10:
- Access to hundreds of clients, most who have been working with Genesis10 for 5-20+ years.
- The opportunity to have a career-home in Genesis10; many of our consultants have been working exclusively with Genesis10 for years.
- Access to an experienced, caring recruiting team (more than 7 years of experience, on average.)
- Behavioral Health Platform
- Medical, Dental, Vision
- Health Savings Account
- Voluntary Hospital Indemnity (Critical Illness & Accident)
- Voluntary Term Life Insurance
- 401K
- Sick Pay (for applicable states/municipalities)
- Commuter Benefits (Dallas, NYC, SF, and Illinois)
For multiple years running, Genesis10 has been recognized as a Top Staffing Firm in the U.S., as a Best Company for Work-Life Balance, as a Best Company for Career Growth, for Diversity, and for Leadership, amongst others. To learn more and to view all our available career opportunities, please visit us at our website.
Genesis10 is an Equal Opportunity Employer. Candidates will receive consideration without to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Never miss an opportunity! Create an alert based on the job you applied for.