Location: Charlotte, NC
Salary: $69.00 USD Hourly - $74.00 USD Hourly
Description: Threat Detection Engineer (Contingent Resource)Locations: Charlotte, NC | Chandler, AZ | Minneapolis, MN | Dallas (Las Colinas), TX
Conversion: Yes
About the RoleIn this role, you will serve as a senior contributor within the Information Security Engineering function, supporting large-scale, highly complex initiatives. You will analyze and solve multifaceted security challenges, design and mature detection capabilities, and consult with cross-functional partners to strengthen the organization's security posture.
You will leverage deep expertise in threat detection engineering, cloud and on-premise telemetry, and attacker tradecraft to build high-fidelity detections and guide the full detection lifecycle-from requirements to decommissioning.
Responsibilities- Lead and contribute to complex Information Security Engineering initiatives with broad organizational impact.
- Review, analyze, and solve advanced security challenges involving multi-cloud, multi-tenant, or global-scale environments.
- Design, implement, tune, and maintain high-quality threat detections across SIEM, EDR/XDR, and cloud platforms.
- Map detections to MITRE ATT&CK, identify gaps, and propose improvements.
- Assess data quality, telemetry coverage, and log source onboarding needs to enhance detection capabilities.
- Collaborate strategically with engineering, SOC, platform, and infrastructure teams.
- Develop metrics, dashboards, and feedback loops supporting continuous detection quality improvement.
- Create runbooks, playbooks, and documentation for detection operations.
- Apply automation, scripting, and version-controlled workflows to streamline detection development and testing.
Required Qualifications- 5+ years of experience in Information Security Engineering, Threat Detection Engineering, Security Operations, or Incident Response.
- 3+ years specifically focused on writing, tuning, and managing threat detections.
- Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommissioning).
- Proven success operating in large-scale or complex environments, such as multi-cloud, multi-tenant, or global enterprises.
- Equivalent experience from work, consulting, training, military service, or education is welcome.
Technical Skills - Detection EngineeringSIEM (Splunk)- Advanced SPL expertise (searches, macros, data models, scheduled searches, alerting)
EDR/XDR (CrowdStrike Falcon)- Custom IOA rule authoring, tuning, and exclusion logic
Microsoft Security- Defender for Endpoint
- Defender for Cloud Apps
- Microsoft Sentinel / M365 Defender
- Strong KQL proficiency
Cloud Platforms- Azure: Log Analytics, Azure AD, Defender for Cloud, activity logs
- Google Cloud Platform: Cloud Logging, Security Command Center, IAM, network telemetry
- Ability to convert attacker TTPs into actionable detection logic across multiple ecosystems
Threat & Attack Expertise- Deep familiarity with MITRE ATT&CK (Enterprise Matrix)
- Understanding of adversary behaviors, including:
- Phishing
- Ransomware
- Lateral movement
- Privilege escalation
- Data exfiltration
- Cloud account compromise
- Identity abuse
- Experience conducting detection gap analysis based on emerging threats
- Knowledge of threat intelligence sources and operationalizing intel into detection content
Detection Fidelity & Quality- Experience measuring and improving detection precision, recall, and signal-to-noise ratio
- Ability to plan and execute detection testing:
- Simulations
- Red team findings
- Adversary emulation tools
- Familiarity with testing frameworks such as:
- Atomic Red Team
- Caldera
- Commercial breach & attack simulation tools
- Experience building metrics, dashboards, and SOC collaboration loops
- Creation and maintenance of runbooks/playbooks tied to detection alerts
Data Engineering & Telemetry- Understanding of:
- Windows events, Sysmon
- Linux logs
- Network telemetry (NetFlow, firewall, DNS/proxy)
- Cloud-native logs for Azure, Google Cloud Platform, and AWS
- Identity and access logs (Azure AD, Okta, on-prem AD)
- Ability to evaluate log quality, coverage, and data onboarding requirements
- Experience working with engineering and platform teams to enable new log sources
Engineering & Automation- Proficiency in scripting languages such as Python or PowerShell to support automation, testing, and enrichment
- Experience using Git for version control (branching, PRs, reviews)
- Familiarity with SDLC-style processes for detection content
- Knowledge of infrastructure-as-code or configuration-as-code concepts (preferred)
Additional InformationMore detailed requirements will be provided as needed.
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.
Contact: This job and many more are available through The Judge Group. Please apply with us today! 
Never miss an opportunity! Create an alert based on the job you applied for.