Senior Detection & Automation Engineer

Location:

Our Cyber Detection & Automation team rolls up into Key’s broader Cyber Defense function within Corporate Information Security.  Cyber Defense’s mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat centric defense.

As a senior member of the Cyber Detection & Automation (CDA) team within Key’s Cyber Defense function, you will lead the development of detection logic and automation capabilities that enable our mission to Deter, Detect, Deny, and Disrupt adversaries. This role is pivotal in advancing our threat-centric defense posture by engineering high-fidelity detections, orchestrating response workflows, and mentoring junior engineers.

You will work across SIEM, SOAR, and DAM platforms to build scalable, resilient detection and response capabilities. You’ll also collaborate with Cyber Threat Intelligence, Threat Response, and Engineering teams to ensure our detection strategy aligns with evolving adversary tactics and business risk.

Detection Engineering

• Design and implement detection-as-code rules, alerts, dashboards, and reports across SIEM and log aggregation platforms.
• Translate threat intelligence and adversary TTPs into actionable detection logic using frameworks like MITRE ATT&CK.
• Continuously tune detection content to reduce false positives and improve signal fidelity.

Security Automation

• Develop and maintain SOAR playbooks to automate triage, enrichment, and response actions.
• Identify manual processes suitable for automation and lead their transformation into orchestrated workflows.

Threat Analysis & Content Development

• Perform event correlation and log analysis to validate detection efficacy and identify gaps.
• Conduct trend analysis to identify emerging threats and detection opportunities.
• Document detection use cases and maintain lifecycle documentation using team standards.

Collaboration & Mentorship

• Partner with Cyber Threat Response and Threat Intelligence teams to align detection priorities.
• Escalate confirmed or suspected malicious activity with contextual analysis.
• Mentor junior engineers and contribute to team knowledge sharing and training.

Technical Expertise

• Deep understanding of cyber defense principles, adversary TTPs, and detection engineering.
• Proficiency in scripting languages (PowerShell, Python, JavaScript, Bash), SIEM query languages, and industry formats (Sigma, YARA-L, etc)
• Experience with SOAR platforms and automation development.
• Familiarity with cloud security (Azure, AWS, GCP) and integrating cloud telemetry into detection pipelines.

Operational & Analytical Skills

• Strong problem-solving skills and ability to interpret complex log data.
• Experience in documenting and managing detection content lifecycle.
• Ability to communicate technical concepts to both technical and non-technical audiences.

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, or related field—or equivalent experience.
• 5+ years in security operations, detection engineering, or threat hunting roles.
• Familiarity with the MITRE ATT&CK and D3FEND framework and adversary TTPs.

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• CompTIA Security+
• GIAC Certified Detection Analyst (GCDA)
• GIAC Cloud Threat Detection (GCTD)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $100,000.00 to $150,000.00 annually depending on job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance. Please click here for a list of benefits for which this position is eligible.

Please click here for a list of benefits for which this position is eligible.

Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing [email protected].

#LI-Remote