Jobs via Dice
Detection Response Engineer
⭐ - Featured Role | Apply direct with Data Freelance Hub
This role is for a Detection Response Engineer on a long-term contract, paying $50 - $80 per hour. Candidates should have 3-5 years of experience in detection engineering, strong knowledge of MITRE ATT&CK, and proficiency in SIEM platforms. Hybrid work in SF or regular travel required.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
640
-
🗓️ - Date
April 18, 2026
🕒 - Duration
Unknown
-
🏝️ - Location
Hybrid
-
📄 - Contract
Unknown
-
🔒 - Security
Unknown
-
📍 - Location detailed
San Francisco, CA
-
🧠 - Skills detailed
#Scripting #Azure #Automated Testing #AWS (Amazon Web Services) #Documentation #Consulting #ERWin #AI (Artificial Intelligence) #Stories #KQL (Kusto Query Language) #Automation #Python #Splunk #Cloud #Security #Version Control #SaaS (Software as a Service) #GCP (Google Cloud Platform) #SQL (Structured Query Language) #SnowSQL #GitHub
Role description
Software Security Firm looking for Detection Response Engineer
This Jobot Consulting Job is hosted by: John Erwin
Are you a fit? Easy Apply now by clicking the "Apply Now" button and sending us your resume.
Salary: $50 - $80 per hour
A bit about us:
We are a Software Consulting firm working with enterprise and start companies that are AI driven and we are developing some of the most cutting edge software/security solutions platforms in the world
Why join us?
• Competitive Compensation
• Work on incredible projects that are fun and challenging
• Full Benefits (Medical, Vision, Dental)
• 401k
• Long term Contract to Hire opportunity
Job Details
Seeking a mid-level Detection & Response Engineer who will own the design, implementation, and tuning of detection content across customer SIEM and security data platforms. Working closely with customer security operations and engineering peers, you will translate adversary tradecraft into durable coverage, engineer the incident response playbooks customer SOCs actually run, and build detection-as-code pipelines that ship security content with production-grade rigor. This position is based in our SF office on a hybrid schedule; candidates outside the Bay Area who are willing to travel regularly are also encouraged to apply.
Responsibilities
• Build, tune, and maintain detection logic across customer SIEM and security data platforms (Panther, Microsoft Sentinel, Splunk, or similar).
• Develop correlation rules, scheduled queries, and multi-stage alert pipelines tailored to each customer's environment and threat profile.
• Translate adversary tactics, techniques, and procedures (MITRE ATT&CK, threat intel, red-team findings) into high-fidelity detections.
• Perform detection coverage gap analyses against customer threat models and recommend prioritized improvements.
• Integrate detection-as-code practices into CI/CD pipelines for security content (version control, peer review, automated testing).
• Build SOAR workflows and automation that reduce manual toil in alert triage, enrichment, and response.
• Lead threat modeling sessions with customer security and engineering teams to identify attack paths and detection requirements.
• Write and maintain documentation, runbooks, and architecture decision records (ADRs) for detection content and incident response playbooks.
Qualifications
• 3 to 5 years of experience in detection engineering, security operations, or incident response.
• Strong knowledge of MITRE ATT&CK, adversary TTPs, and common detection evasion techniques.
• Hands-on experience building and tuning detections in at least one major SIEM or security data platform.
• Working proficiency in one or more query languages: SQL, KQL, SPL, CQL, PantherFlow, or SnowSQL.
• Familiarity with endpoint (CrowdStrike, SentinelOne), identity (Okta, Azure AD), cloud (AWS, Google Cloud Platform, Azure), and SaaS (Google Workspace, GitHub, Salesforce) telemetry.
• Proficiency in Python or similar scripting language for automation, tooling, and integration work.
• Excellent communication skills with the ability to translate detection findings into actionable SOC and engineering tasks.
• Must be located in the SF Bay Area or willing to travel to our San Francisco office on a regular cadence. NICE TO HAVE
• Relevant certifications such as GCIH, GCIA, GCDA, GCFA, or CySA+.
• Experience with detection-as-code frameworks and SOAR automation platforms.
• Background in threat hunting, purple team exercises, or adversary emulation.
• CrowdStrike (CCFA, CCSE) or Zscaler (ZDTA, ZDTE, ZDXA, ZTCA) certifications
Interested in hearing more? Easy Apply now by clicking the "Apply Now" button.
Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot's policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions.
Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance.
Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal.
By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: jobot.com/privacy-policy
Software Security Firm looking for Detection Response Engineer
This Jobot Consulting Job is hosted by: John Erwin
Are you a fit? Easy Apply now by clicking the "Apply Now" button and sending us your resume.
Salary: $50 - $80 per hour
A bit about us:
We are a Software Consulting firm working with enterprise and start companies that are AI driven and we are developing some of the most cutting edge software/security solutions platforms in the world
Why join us?
• Competitive Compensation
• Work on incredible projects that are fun and challenging
• Full Benefits (Medical, Vision, Dental)
• 401k
• Long term Contract to Hire opportunity
Job Details
Seeking a mid-level Detection & Response Engineer who will own the design, implementation, and tuning of detection content across customer SIEM and security data platforms. Working closely with customer security operations and engineering peers, you will translate adversary tradecraft into durable coverage, engineer the incident response playbooks customer SOCs actually run, and build detection-as-code pipelines that ship security content with production-grade rigor. This position is based in our SF office on a hybrid schedule; candidates outside the Bay Area who are willing to travel regularly are also encouraged to apply.
Responsibilities
• Build, tune, and maintain detection logic across customer SIEM and security data platforms (Panther, Microsoft Sentinel, Splunk, or similar).
• Develop correlation rules, scheduled queries, and multi-stage alert pipelines tailored to each customer's environment and threat profile.
• Translate adversary tactics, techniques, and procedures (MITRE ATT&CK, threat intel, red-team findings) into high-fidelity detections.
• Perform detection coverage gap analyses against customer threat models and recommend prioritized improvements.
• Integrate detection-as-code practices into CI/CD pipelines for security content (version control, peer review, automated testing).
• Build SOAR workflows and automation that reduce manual toil in alert triage, enrichment, and response.
• Lead threat modeling sessions with customer security and engineering teams to identify attack paths and detection requirements.
• Write and maintain documentation, runbooks, and architecture decision records (ADRs) for detection content and incident response playbooks.
Qualifications
• 3 to 5 years of experience in detection engineering, security operations, or incident response.
• Strong knowledge of MITRE ATT&CK, adversary TTPs, and common detection evasion techniques.
• Hands-on experience building and tuning detections in at least one major SIEM or security data platform.
• Working proficiency in one or more query languages: SQL, KQL, SPL, CQL, PantherFlow, or SnowSQL.
• Familiarity with endpoint (CrowdStrike, SentinelOne), identity (Okta, Azure AD), cloud (AWS, Google Cloud Platform, Azure), and SaaS (Google Workspace, GitHub, Salesforce) telemetry.
• Proficiency in Python or similar scripting language for automation, tooling, and integration work.
• Excellent communication skills with the ability to translate detection findings into actionable SOC and engineering tasks.
• Must be located in the SF Bay Area or willing to travel to our San Francisco office on a regular cadence. NICE TO HAVE
• Relevant certifications such as GCIH, GCIA, GCDA, GCFA, or CySA+.
• Experience with detection-as-code frameworks and SOAR automation platforms.
• Background in threat hunting, purple team exercises, or adversary emulation.
• CrowdStrike (CCFA, CCSE) or Zscaler (ZDTA, ZDTE, ZDXA, ZTCA) certifications
Interested in hearing more? Easy Apply now by clicking the "Apply Now" button.
Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot's policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions.
Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance.
Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal.
By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: jobot.com/privacy-policy
