Detection Engineering Manager (Lead)

Overview

Hybrid
Depends on Experience
Full Time
10% Travel

Skills

Threat Response
Threat Detection
Detection Engineer
Manager
SIEM

Job Details

The Detection Engineering Manager will lead a team of skilled engineers responsible for designing, developing, and maintaining advanced threat detection capabilities across enterprise and manufacturing environments. This role is pivotal in proactively identifying malicious activity, reducing dwell time, and enhancing the organization's ability to detect and respond to cyber threats. The ideal candidate will combine deep technical expertise with strong leadership and a passion for innovation in cybersecurity.

Key Responsibilities:

  • Manage and mentor a team of detection engineers, fostering a culture of innovation, collaboration, and technical excellence. (This can also be an opportunity for a Team Lead who is ready to take over a team.)
  • Define and execute detection engineering strategy aligned with business risk and organizational goals.
  • Lead initiatives to automate detection engineering workflows and improve team efficiency.
  • Oversee the full lifecycle of detection engineering projects, including prioritization, resource allocation, and performance tracking.

Technical

  • Develop and optimize detection logic, signatures, and analytics across SIEM, EDR, and cloud-native platforms.
  • Oversee hypothesis-based threat hunting campaigns performed by team members.
  • Integrate threat intelligence into detection and response workflows to enhance situational awareness.
  • Translate threat actor behaviors into actionable detections using frameworks like MITRE ATT&CK and the Cyber Kill Chain.
  • Conduct threat modeling and detection gap analysis to continuously improve detection coverage.
  • Ensure detection logic is tested, validated, and tuned for accuracy and performance.
  • Stay current with emerging threats, tools, and techniques to maintain cutting-edge detection capabilities.
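The bullets above ask for detections that map adversary behaviour to ATT&CK techniques and are tested and tuned before they ship. The block below is an added illustration of what that looks like in practice, not material from the job posting or the employer: a Sigma-style rule (constructed, tagged with ATT&CK T1059.001 for PowerShell) is evaluated against three constructed process-creation events by a small matcher that supports only the `|endswith` and `|contains` modifiers and the condition `selection and not filter`, which is a deliberate subset of Sigma. The rule, field names, paths and command lines are all assumptions made for the example.

```python
"""Unit-testing a Sigma-style detection rule against constructed events.

Added example, not part of the job posting. The rule, field names and
log events are constructed for illustration; only the '|endswith' and
'|contains' modifiers and the 'selection and not filter' condition are
implemented, a small subset of Sigma.
"""
from typing import Any

# Sigma-like rule (constructed). The 'tags' entry records the ATT&CK
# technique the detection is meant to cover: T1059.001 (PowerShell).
RULE: dict[str, Any] = {
    "title": "Encoded PowerShell command line",
    "tags": ["attack.execution", "attack.t1059.001"],
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc ", " -encodedcommand "],
        },
        # Tuning: a known scheduled task that legitimately uses -enc
        # (hypothetical path used for the example).
        "filter": {
            "ParentImage|endswith": "\\svchost.exe",
            "CommandLine|contains": "\\Scripts\\Inventory\\",
        },
        "condition": "selection and not filter",
    },
}


def _field_matches(event: dict[str, str], key: str, expected: Any) -> bool:
    """Evaluate one 'Field|modifier: value(s)' entry against an event.

    A list of values is an OR (any value may match); a missing field never
    matches. Comparison is case-insensitive, as Sigma string matching is.
    """
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual_l = actual.lower()
    values = expected if isinstance(expected, list) else [expected]
    for value in values:
        v = str(value).lower()
        if modifier == "endswith" and actual_l.endswith(v):
            return True
        if modifier == "contains" and v in actual_l:
            return True
        if modifier == "" and actual_l == v:
            return True
    return False


def _block_matches(event: dict[str, str], block: dict[str, Any]) -> bool:
    """All entries inside a selection/filter block must match (AND)."""
    return all(_field_matches(event, k, v) for k, v in block.items())


def match_rule(rule: dict[str, Any], event: dict[str, str]) -> bool:
    """Apply 'selection and not filter', the only condition supported here."""
    det = rule["detection"]
    if det["condition"] != "selection and not filter":
        raise ValueError("unsupported condition: " + det["condition"])
    return _block_matches(event, det["selection"]) and not _block_matches(event, det["filter"])


# Constructed process-creation events: one true positive, one benign case
# the filter should suppress, and one unrelated process.
EVENTS: list[dict[str, str]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "powershell.exe -enc SQBFAFgA C:\\Scripts\\Inventory\\run.ps1"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "cmd.exe /c whoami"},
]


def evaluate(rule: dict[str, Any], events: list[dict[str, str]]) -> dict[str, Any]:
    """Return the indices of events that fire and the ATT&CK techniques the rule claims."""
    hits = [i for i, e in enumerate(events) if match_rule(rule, e)]
    techniques = [t[len("attack."):].upper() for t in rule["tags"] if t.startswith("attack.t")]
    return {"hits": hits, "techniques": techniques}


if __name__ == "__main__":
    print(evaluate(RULE, EVENTS))  # {'hits': [0], 'techniques': ['T1059.001']}
```

The point of keeping rule, sample events and expected outcome together is that a tuning change (for instance widening the filter) is re-checked against the known true positive every time, so a false-positive fix cannot silently turn into a coverage gap for the technique the rule is tagged with.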

Organizational

  • Collaborate with SOC, threat intelligence, and incident response teams to align detection efforts with operational needs.
  • Partner with IT, OT, and service providers to ensure visibility and coverage across enterprise and industrial environments.
  • Communicate detection strategies, risks, and outcomes effectively to technical and non-technical stakeholders, including executive leadership.
  • Ensure detection engineering practices support compliance with internal policies and external regulatory requirements.

Minimum Requirements:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (completed and verified prior to start) from an accredited university.
  • 7+ years of experience in cybersecurity, with at least 3 years in a leadership or technical lead role focused on detection engineering or threat detection.

Additional qualifications that could help you succeed even further in this role include:

  • Displays a proven track record in leading and managing a threat response team with emphasis on proactive threat identification, analysis and incident identification.
  • Ability to apply threat intelligence to identify, assess, and report on current advanced threats.
  • Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel) and EDR solutions (e.g., CrowdStrike, Defender for Endpoint).
  • Relevant certifications such as GIAC (GCIA, GDAT, GCTD), CISSP, or equivalent are highly desirable.
  • Ability to present technical concepts to non-technical audiences.
  • Presents a detailed understanding of the emerging threat landscape, including threat actor classifications.
  • Keeps abreast of adversary tactics, techniques and procedures, and intelligence reporting.
  • Stays current with the cyber intelligence community to maintain/develop formal and informal sources of information and incorporate industry best practices where applicable.
  • Ability to lead, coach and advise team members; effectively manages across cultural and generational boundaries.
  • Demonstrates excellent analytical and problem-solving skills.
  • Deep understanding of threat detection technologies including SIEM, EDR, and cloud-native tools.
  • Proficiency in detection query and rule languages such as KQL and Sigma.
  • Strong knowledge of adversary tactics and techniques, including MITRE ATT&CK and the Cyber Kill Chain.
  • Ability to define and execute detection engineering strategies aligned with business risk.
  • Skilled in cross-functional collaboration with SOC, IR, threat intel, and IT/OT teams.
  • Passion for automation and continuous improvement in detection engineering workflows.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.