Jobot
Detection Response Engineer
⭐ - Featured Role | Apply direct with Data Freelance Hub
This role is for a Detection Response Engineer on a long-term contract, offering $50 - $80 per hour. Key skills include SIEM experience, MITRE ATT&CK knowledge, and proficiency in SQL or KQL. Candidates must be located in the SF Bay Area or willing to travel.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
640
-
🗓️ - Date
April 18, 2026
🕒 - Duration
Unknown
-
🏝️ - Location
Hybrid
-
📄 - Contract
Unknown
-
🔒 - Security
Unknown
-
📍 - Location detailed
San Francisco, CA
-
🧠 - Skills detailed
#Scripting #Azure #Automated Testing #AWS (Amazon Web Services) #Documentation #Consulting #ERWin #AI (Artificial Intelligence) #KQL (Kusto Query Language) #Automation #Python #Splunk #Cloud #Security #Version Control #SaaS (Software as a Service) #GCP (Google Cloud Platform) #SQL (Structured Query Language) #SnowSQL #GitHub
Role description
Want to learn more about this role and Jobot Consulting? Click our Jobot Consulting logo and follow our LinkedIn page!
Job details:
Software Security Firm looking for Detection Response Engineer
This Jobot Consulting Job is hosted by: John Erwin
Are you a fit? Easy Apply now by clicking the "Easy Apply" button and sending us your resume.
Salary: $50 - $80 per hour
A bit about us:
We are a Software Consulting firm working with enterprise and startup companies that are AI driven, and we are developing some of the most cutting-edge software/security solution platforms in the world.
Why join us?
• Competitive Compensation
• Work on incredible projects that are fun and challenging
• Full Benefits (Medical, Vision, Dental)
• 401k
• Long term Contract to Hire opportunity
Job Details
Seeking a mid-level Detection & Response Engineer who will own the design, implementation, and tuning of detection content across customer SIEM and security data platforms. Working closely with customer security operations and engineering peers, you will translate adversary tradecraft into durable coverage, engineer the incident response playbooks customer SOCs actually run, and build detection-as-code pipelines that ship security content with production-grade rigor. This position is based in our SF office on a hybrid schedule; candidates outside the Bay Area who are willing to travel regularly are also encouraged to apply.
RESPONSIBILITIES
• Build, tune, and maintain detection logic across customer SIEM and security data platforms (Panther, Microsoft Sentinel, Splunk, or similar).
• Develop correlation rules, scheduled queries, and multi-stage alert pipelines tailored to each customer's environment and threat profile.
• Translate adversary tactics, techniques, and procedures (MITRE ATT&CK, threat intel, red-team findings) into high-fidelity detections.
• Perform detection coverage gap analyses against customer threat models and recommend prioritized improvements.
• Integrate detection-as-code practices into CI/CD pipelines for security content (version control, peer review, automated testing).
• Build SOAR workflows and automation that reduce manual toil in alert triage, enrichment, and response.
• Lead threat modeling sessions with customer security and engineering teams to identify attack paths and detection requirements.
• Write and maintain documentation, runbooks, and architecture decision records (ADRs) for detection content and incident response playbooks.
QUALIFICATIONS
• 3 to 5 years of experience in detection engineering, security operations, or incident response.
• Strong knowledge of MITRE ATT&CK, adversary TTPs, and common detection evasion techniques.
• Hands-on experience building and tuning detections in at least one major SIEM or security data platform.
• Working proficiency in one or more query languages: SQL, KQL, SPL, CQL, PantherFlow, or SnowSQL.
• Familiarity with endpoint (CrowdStrike, SentinelOne), identity (Okta, Azure AD), cloud (AWS, GCP, Azure), and SaaS (Google Workspace, GitHub, Salesforce) telemetry.
• Proficiency in Python or similar scripting language for automation, tooling, and integration work.
• Excellent communication skills with the ability to translate detection findings into actionable SOC and engineering tasks.
• Must be located in the SF Bay Area or willing to travel to our San Francisco office on a regular cadence.
NICE TO HAVE
• Relevant certifications such as GCIH, GCIA, GCDA, GCFA, or CySA+.
• Experience with detection-as-code frameworks and SOAR automation platforms.
• Background in threat hunting, purple team exercises, or adversary emulation.
• CrowdStrike (CCFA, CCSE) or Zscaler (ZDTA, ZDTE, ZDXA, ZTCA) certifications.
Interested in hearing more? Easy Apply now by clicking the "Easy Apply" button.
Want to learn more about this role and Jobot Consulting? Click our Jobot Consulting logo and follow our LinkedIn page!