Detection Engineer

Datavant is the data collaboration platform trusted for healthcare. Guided by our mission to make the world's health data secure, accessible and actionable, we provide critical data solutions for organizations across the healthcare ecosystem - including providers, health plans, researchers, and life sciences companies. From fulfilling a single patient's request for their medical records to powering the AI revolution in healthcare, Datavanters are building the future of how data is connected and used to improve health.

By joining Datavant today, you're stepping onto a driven and highly collaborative team that is passionate about creating transformative change in healthcare.

What We're Looking For

We are seeking a highly skilled Detection Engineer to join our Detection Engineering team. This role is responsible for designing, building, and continuously improving detection capabilities across our security stack. You will play a critical role in identifying threats, reducing risk, and enabling rapid response through high-fidelity detections and strong collaboration with Security Operations and Incident Response teams.

What You Will Do

• Design, develop, and maintain detection logic across endpoint, network, and cloud environments
• Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP solutions
• Leverage Cyberhaven to build and enhance data exfiltration and insider risk detections
• Analyze logs and telemetry to identify attack patterns, anomalies, and emerging threats
• Continuously improve detection quality by reducing false positives and increasing signal fidelity
• Partner with Incident Response and Security Operations to investigate alerts and refine detection strategies
• Develop and document detection use cases, playbooks, and workflows
• Stay current with adversary tactics, techniques, and procedures (TTPs) and translate them into actionable detections
• Contribute to detection automation and engineering initiatives to improve scalability and efficiency

What You Need to Succeed

• Strong experience with Data Loss Prevention (DLP) tools and workflows like CyberHaven and Microsoft Purview
• Experience with CrowdStrike and Zscaler (or comparable EDR and network security platforms)
• Deep understanding of Windows event logs and other investigation-relevant artifacts
• Experience working with SIEM platforms, log management systems, and endpoint security tools
• Strong analytical and critical thinking skills with exceptional attention to detail
• Ability to investigate complex security events and translate findings into detection improvements
• Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts
• Strong interpersonal skills and the ability to collaborate effectively across security, IT, and engineering teams
• Self-driven with a continuous improvement mindset

What Helps You Stand Out

• Experience building detections mapped to frameworks such as MITRE ATT&CK
• Familiarity with scripting or query languages (e.g., Python, KQL, SPL, SQL)
• Experience with insider threat or data exfiltration detection strategies
• Background in threat hunting or incident response

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services.

The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job.

The estimated total cash compensation range for this role is:

$124,000-$155,000 USD

To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.

This job is not eligible for employment sponsorship.

Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here. Know Your Rights, explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay.

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren't even able to see whether you've responded.) Responding is entirely optional and will not affect your application or hiring process in any way.

Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please request it here, by selecting the 'Interview Accommodation Request' category. You will need your requisition ID when submitting your request, you can find instructions for locating it here. Requests for reasonable accommodations will be reviewed on a case-by-case basis.

For more information about how we collect and use your data, please review our Privacy Policy.