Senior Engineer, Detection Strategy Lead Engineer

Overview

On Site
USD 98,400.00 - 163,500.00 per year
Full Time

Skills

Thought Leadership
Innovation
Computer Science
Information Technology
Splunk
Information Security
CISSP
CISM
OSCP
Security Operations
Cloud Security
Scripting
Python
Windows PowerShell
ISO 9000
Strategic Leadership
Strategy Development
Data Lake
Research and Development
Threat Modeling
Threat Analysis
Lifecycle Management
Partnership
Security Architecture
Cyber Security
Artificial Intelligence
Machine Learning (ML)
Analytics
Dashboard
SIEM
Communication
Use Cases
Collaboration
Scrum
Continuous Improvement
Workflow
SAP BASIS
Law
Health Care
Life Insurance
Insurance

Job Details

Job Description

JOB SUMMARY

A technical thought leadership role responsible for shaping and executing detection strategy and advanced detection development within both SIEM and Security Data Lake environments. The individual will collaborate across Cybersecurity Analytics, Security Architecture, and Engineering teams to ensure comprehensive detection coverage for Marriott's business applications and platforms. This role will inform the prioritization of detection development, contribute to supplemental threat modeling, and conduct research and development on adversary TTPs based on threat intelligence. The candidate is expected to bring deep hands-on detection and response expertise to support SOAR and AI-driven security initiatives. The role requires a blend of technical acumen, strategic vision, and the ability to drive innovation in detection engineering.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor's degree in computer science, information security, or related field, or equivalent experience/certification.

7+ years of experience working in Information Technology including:

5+ years of experience in detection engineering, security analytics, or related cybersecurity roles.

Demonstrated experience with SIEM (e.g., Splunk Enterprise Security) and Security Data Lake platforms.

Experience developing and tuning advanced detection content, including correlation rules, behavioral analytics, and threat hunting queries.

Proven ability to lead cross-functional initiatives and collaborate with diverse technical teams.

3+ years of collective experience in one or all of the following:

Splunk SIEM (Splunk Enterprise Security) threat detection use case development

UEBA use case development for insider threat use case development

Preferred Skills/Experience:

Current advanced information security certifications (e.g., CISSP, CISM, GIAC, OSCP).

Experience supporting SOAR and AI/ML-driven security operations.

Familiarity with cloud security, threat intelligence platforms, and modern security architectures.

Experience with scripting/programming (Python, PowerShell, etc.) and automation.

Working knowledge of frameworks such as MITRE ATT&CK, NIST CSF, and ISO/IEC 27001.

CORE WORK ACTIVITIES

Strategic Leadership:

Inform detection strategy development with detection approaches that leverage SIEM, Security Data Lake, and tools integrated with the security analytics platforms.

Inform and prioritize detection development based upon business risk, threat intelligence, and evolving adversary TTPs.

Lead R&D efforts to identify and address detection gaps, leveraging threat modeling and threat intelligence.

Provide detection governance partnership with Detection Engineering for efficacy reviews and lifecycle management of developed security monitoring content.

Technical Execution:

Develop advanced detections in partnership with Detection Engineering and other partners.

Collaborate with Security Architecture and Engineering teams to ensure detection coverage aligns with cybersecurity risks and business priorities.

Support the integration of detection content with SOAR and AI/ML initiatives to enhance automated response and analytics.

Develop analytics, correlation searches, dashboards, reports and alerts within the SIEM and UEBA platforms.

Collaboration and Communication:

Facilitate cross-team collaboration sessions to ideate and review detection use cases and detection methodologies.

Document detection approaches for TTPs, threat models, and monitoring strategies using standard templates and methodologies.

Engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate.

Attend SCRUM and prioritization meetings to review and update deliverables.

Present findings, recommendations, and detection approaches to technical and non-technical stakeholders.

Continuous Improvement:

Stay current with emerging threats, adversary tactics, techniques, and detection technologies.

Contribute to the development and refinement of detection engineering standards, workflows, and best practices.

Provide technical development support for detection engineers.

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.

About Us

All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.

Washington Applicants Only: Employees will accrue paid sick leave, 0.077 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

About the Team

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.