This role is open to remote candidates located in the US. There is periodic travel required for this position.
What You’ll Do
- Author and tune detection content across SIEM, EDR, and cloud-native platforms to ensure high-fidelity coverage of critical threat scenarios.
- Act as a key stakeholder in the design and implementation of CI/CD pipelines for detection content, using infrastructure-as-code and version control for consistent, reproducible deployments.
- Develop and execute automated tests to validate the accuracy, performance, and reliability of detection content.
- Manage version control and branching strategies for detection content and supporting scripts; coordinate the promotion of changes through build pipelines.
- Operate and leverage a dedicated detection lab for testing and validation; collaborate with platform teams to enhance lab capabilities as needed.
- Collaborate closely across the SOC and broader engineering teams to ensure detection content is informed by diverse perspectives and aligned with evolving operational needs.
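As an added illustration of the detection-as-code workflow described in the bullets above (automated tests that gate detection content before it is promoted through the pipeline), the following Python harness was written for this page; it is not First American's own tooling or pipeline. It models a Sigma-style rule as a Python dict, evaluates it against constructed Sysmon-style process-creation events (field names Image, CommandLine, ParentImage), and returns the labels of any test cases that fail. The rule, the allowlisted ConfigAgent.exe parent process and every event are constructed assumptions for illustration only; a real pipeline would load the YAML rule and its test corpus from version control.

```python
# Added example for this page, not the employer's tooling: a Sigma-style rule and
# its regression corpus, evaluated with the standard library only.

# Constructed rule: PowerShell started with an encoded command, minus a
# hypothetical allowlisted parent process (ConfigAgent.exe is invented here).
RULE = {
    "title": "PowerShell EncodedCommand",
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\ConfigAgent.exe"},
        "condition": "selection and not filter",
    },
}

def _match_value(modifier, actual, expected):
    """Compare one field value; Sigma string matching is case-insensitive."""
    a, e = str(actual).lower(), str(expected).lower()
    ops = {"": a == e, "contains": e in a,
           "startswith": a.startswith(e), "endswith": a.endswith(e)}
    if modifier not in ops:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    return ops[modifier]

def _match_selection(selection, event):
    """Every key in a selection must match (AND); a list value is an OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if field not in event or not any(
                _match_value(modifier, event[field], v) for v in values):
            return False
    return True

def _eval_condition(condition, env):
    """Recursive-descent evaluator for and/or/not/parentheses over selection
    names. No eval(): an unknown name is a rule bug and must fail loudly."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = [0]
    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else None
    def take():
        pos[0] += 1
        return tokens[pos[0] - 1]
    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        if tok not in env:
            raise ValueError(f"unknown selection in condition: {tok}")
        return env[tok]
    def term():
        value = factor()
        while peek() == "and":
            take()
            value = factor() and value  # rhs evaluated first: always consumed
        return value
    def expr():
        value = term()
        while peek() == "or":
            take()
            value = term() or value
        return value
    result = expr()
    if peek() is not None:
        raise ValueError(f"trailing token in condition: {peek()}")
    return result

def evaluate(rule, event):
    """True if the event matches the rule's detection block."""
    det = rule["detection"]
    env = {name: _match_selection(sel, event)
           for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], env)

# Constructed test corpus (label, event, expected verdict); every case must pass.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
CASES = [
    ("true_positive", {"Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgA"}, True),
    ("allowlisted_parent", {"Image": PS, "CommandLine": "powershell.exe -enc SQBFAFgA",
     "ParentImage": "C:\\Program Files\\ConfigAgent\\ConfigAgent.exe"}, False),
    ("benign_script", {"Image": PS, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"}, False),
    ("wrong_process", {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc", "ParentImage": "C:\\Windows\\explorer.exe"}, False),
]

def run_cases(rule, cases=CASES):
    """Labels of failing cases; an empty list means the rule is safe to promote."""
    return [label for label, event, expected in cases
            if evaluate(rule, event) != expected]
```

A CI step would call run_cases on each rule in the branch and fail the build on a non-empty list, so a change that silently drops the filter (turning the allowlisted parent into a false positive) or tightens the selection (losing the true positive) is caught before it reaches the production SIEM. The evaluator supports only the modifiers and operators shown; anything else raises instead of matching silently, which is the behaviour you want from a test harness.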
What You’ll Bring
- Proficiency in writing detection content in multiple query languages (e.g., Splunk SPL, KQL) and strong scripting ability in Python, Bash, or similar languages for automation and integrations.
- Strong understanding of network protocols, firewalls, intrusion detection systems, endpoint security solutions, and major cloud environments (Azure, AWS, GCP), and how they intersect with application development and security workflows.
- Solid understanding of MITRE ATT&CK, Sigma rules, and security analytics best practices; adept at authoring and versioning rule sets.
- Operational knowledge of Git workflows, branching models, and CI/CD concepts, with demonstrated experience informing and improving pipelines for detection content.
- Demonstrated experience operating, optimizing, and leveraging detection testing labs.
- Excellent analytical skills to identify, analyze, and resolve complex engineering issues.
- Strong verbal and written communication skills, including the ability to create clear technical documentation and deliver effective presentations.
- Ability to manage multiple high-priority projects and tasks effectively, ensuring alignment with strategic security goals.
- Minimum of 5 years in detection engineering, security automation, or SOC engineering roles.
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field—or equivalent work experience.
- Certifications such as Splunk Certified Admin, GCDA, GCIA, CISSP, OSCP.
- Familiarity with threat modeling methodologies (e.g., STRIDE) and their application to detection design.
Salary Range: $109,700.00 - $146,200.00
This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.
What We Offer
By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.
** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **
First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).
First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.
Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.
First American Title Santa Ana, California, USA Offices
1 First American Way, Santa Ana, CA, United States, 92707
3 First American Way, Santa Ana, CA, United States, 92707