Job details

Detection Engineering Lead - REMOTE

Get a free resume review

Description

Binary Defense is seeking a Detection Engineering Lead to serve as both a technical leader and hands-on contributor within our Detection Engineering function. This is a working manager position responsible for managing the day-to-day operations of the detection engineering team, while also actively participating in detection logic development, telemetry analysis, and strategy execution.

You’ll play a pivotal role in evolving and implementing a scalable detection GitOps process that aligns to business risk, quantifiable metrics, and coverage across the MITRE ATT&CK framework. This role requires deep technical expertise, strong cross-functional communication, and the ability to deliver high-impact security detections at scale.

Key Responsibilities:

Lead and mentor a team of Detection Engineers in designing, developing, and maintaining threat detection logic across SIEM, EDR, and cloud platforms.
Actively contribute to detection development efforts — including rule creation, tuning, threat modeling, and attack simulation — with an eye toward quality, performance, and detection efficacy.
Develop and maintain a structured detection engineering as code lifecycle — from ideation to testing, deployment, tuning, and retirement — with appropriate documentation and traceability.
Establish detection coverage tracking and reporting metrics aligned to business-critical assets and MITRE ATT&CK, including quantifiable risk scoring tied to each detection.
Collaborate across teams (Threat Intel, Incident Response, Security Engineering, Cloud Engineering, etc.) to ensure detections are informed by real-world threats and deployed across the correct telemetry.
Analyze telemetry quality and advocate for improvements to logging pipelines, data normalization, and event enrichment based on detection requirements.
Stay current on emerging attacker TTPs, threat actors, and malware trends to ensure proactive detection coverage.
Support attack testing to validate detection logic and improve effectiveness.
Own onboarding and documentation of detection tooling, processes, and coverage across the organization.
Serve as the subject matter expert on telemetry sources and their detection use cases across endpoint, network, application, and cloud layers.

Requirements

5+ years of experience in detection engineering, threat hunting, or security operations.
2+ years in a leadership or mentoring role within a security engineering team.
Proven experience developing and tuning detection rules across SIEM platforms (e.g., Splunk, Sentinel, Chronicle), EDR solutions (e.g., CrowdStrike, SentinelOne), and Cloud environments (e.g., AWS, GCP, Azure).
Deep understanding of telemetry sources such as Windows Event Logs, Sysmon, PowerShell logs, DNS, proxy/firewall, cloud audit logs, and their detection potential.
Familiarity with attack chains and adversary tradecraft including MITRE ATT&CK, LOLBAS, process injection, credential access, lateral movement, cloud control plane abuse, etc.
Strong understanding of security data modeling, detection-as-code practices, and the use of frameworks like SIGMA or YARA-L.
Experience with REST API interfaces and using automation to streamline detection development or testing.
Strong written and verbal communication skills with the ability to translate complex technical threats into understandable business risk.
Ability to balance project management responsibilities with individual technical contributions.

Preferred Qualifications

Experience implementing or contributing to a Detection Engineering framework or strategy (e.g., Palantir ADS, MITRE D3FEND, etc.)
Familiarity with risk scoring methodologies and mapping detections to risk reduction outcomes.
Experience working in a multi-tenant or MDR environment and building detections at scale.
Knowledge of data pipeline tools and log forwarding agents (e.g., Fluent Bit, Logstash, Elastic Agent, Sysmon XML config tuning).
Hands-on experience with attack simulation tools like Atomic Red Team, Caldera, or manual adversary emulation.

About Binary Defense

Binary Defense is a trusted leader in security operations, supporting companies of all sizes to proactively monitor, detect and respond to cyberattacks. The company offers a personalized Open XDR approach to Managed Detection and Response, advanced Threat Hunting, Digital Risk Protection, Phishing Response, and Incident Response services, helping customers mature their security program efficiently and effectively based on their unique risks and business needs.

With a world-class 24/7 SOC, deep domain expertise in cyber, and sophisticated technology, hundreds of companies across every industry have entrusted Binary Defense to protect their business. Binary Defense gives companies actionable insights within minutes not hours, the confidence in their program to be resilient to ever-changing threats, and the time back that matters most to their business.

Binary Defense is also the Trusted Cybersecurity Partner of the Cleveland Browns and partners with PGA TOUR players. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!). If you’re interested in joining a growing team with great perks, we encourage you to apply!

Average salary estimate

$125000 / YEARLY (est.)

min

max

$100000K

$150000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Detection Engineering Lead - REMOTE, Binary Defense

Are you ready to take on an exciting leadership role in cybersecurity? Binary Defense is on the hunt for a Detection Engineering Lead to join our dynamic team in Houston, Texas. This unique position combines technical leadership with hands-on responsibilities, allowing you to shape the future of our Detection Engineering function. In this role, you'll be responsible for leading and mentoring a talented team of Detection Engineers while actively contributing to the development of detection logic and telemetry analysis. You'll implement a robust detection GitOps process that aligns with business risks and measurable metrics, all while ensuring that our security detections are scaled effectively. As the Detection Engineering Lead, you'll work closely with various teams, including Threat Intelligence and Incident Response, to ensure that our detections are informed by real-world threats. Your technical expertise in SIEM, EDR, and cloud platforms will be crucial as you create, tune, and implement detection rules, helping us stay ahead of emerging threats. If you have over five years of experience in detection engineering and a knack for communicating complex security concepts clearly, we'd love to hear from you. Join Binary Defense and help us provide actionable insights that allow us to protect countless businesses around the clock!

Frequently Asked Questions (FAQs) for Detection Engineering Lead - REMOTE Role at Binary Defense

What are the responsibilities of a Detection Engineering Lead at Binary Defense?

As the Detection Engineering Lead at Binary Defense, you'll oversee the daily operations of the detection engineering team while directly contributing to the development of detection logic and telemetry analysis. This involves leading your team in designing and maintaining threat detection across various platforms, actively participating in rule creation and tuning, and developing a structured detection lifecycle. You'll also work closely with other teams to ensure our detections are relevant to real-world threats and track metrics that align with critical business assets.