20 days old

Senior Detection Engineer

SageNet, LLC.
Tulsa, OK 74103
  • Job Code

Company Overview

SageNet is passionate about trusted connections. As a leader in managed network and cybersecurity services, the company connects, manages and protects technologies and devices across the enterprise. SageNet provides world-class service and support via our three US-based 24/7 Network Operations Centers and a nationwide field service organization.

Job Purpose

The Senior Detection Engineer is a highly specialized senior individual with aspirations in threat intelligence, zero-day analysis, signature definition and policy creation. This individual will be responsible for the creation, curation, integration, and documentation of SageNet security intelligence content and correlation logic. The Senior Detection Engineer will also be responsible for the alerting platform and back-end maintenance and improvement. This role will serve to provide mentorship and review of other members of the content engineering team. The person in this role will also work with SageNets SIEM Engineering team to help review data normalization to fit detection needs. Additionally, this position will conduct analyst team trainings on emerging threats and internal technology from a threat intelligence perspective.

Duties and Responsibilities

  • Research, document, and develop attack detections for a range of client environments and product data sources

  • Create investigative documentation for analyst and client consumption

  • Develop and implement investigative playbooks in SageNet SOAR Platform

  • Perform ongoing reviews of existing security content for accuracy, applicability, and potential upgrade

  • Provide quarterly new content reports specific to each client/client vertical

  • Maintain and improve the current detection engine

  • Manage SOAR platform used for alert automation


  • Ability to translate attacker techniques into high fidelity detection use cases

  • Deep understanding of MITRE ATT&CK framework

  • Python experience

  • Background in incident alert investigation and response preferred

  • Knowledge of threat signals created by various endpoint and network-based products

  • Understanding of SIEM data ingestion and normalization

  • Familiarity with AWS is a plus

Working Conditions

  • Work productively in a corporate office space, remotely, or while travelling to customer sites

  • Business casual in office, and business professional in front of customers

  • Requires some nights, weekends, and overnight travel

Physical Requirements

  • Be able to sit for long periods of time without issues

  • Be able to stand for long periods of time while giving presentations

  • Extensive use of hands and fingers for typing, handling baggage, and paperwork

  • Extensive use of eyes for reviewing contracts and data on a computer screen



Position Type

Full Time

Travel Requirements

0-25% travel

Attention All Third-Party Agencies, Headhunters, and Recruiters
SageNet will not accept candidate submission by unsolicited third parties through this site or any company email address. All unsolicited candidates presented to SageNet will be considered the property of SageNet. SageNet will not be responsible for any fees associated with unsolicited candidates, nor will a contractual relationship be formed by the submission. SageNet is not obligated and will not under any circumstances pay any fees to said third parties submitting candidates in this manner. SageNet only forms contracts with recruiters with whom we have an established business relationship and with whom we have in place a signed agreement. All contact with SageNet from third parties must be through our Talent Acquisition Department. Any contact made outside of the SageNet Talent Acquisition Department by a third party will cancel any future business relationships between the third party and SageNet.

Please contact Katie.Halstead@SageNet.com for any questions.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c)


Posted: 2021-11-11 Expires: 2021-12-10
Sponsored by:
ADP Logo
Sponsored by:
Bank of America Logo

Featured Jobs[ View All ]

Featured Employers

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Senior Detection Engineer

SageNet, LLC.
Tulsa, OK 74103

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast