Detection Engineering Manager

Job Description:

Detection Engineering Manager

Collaborate with Innovative 3Mers Around the World

Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a wide variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

The Impact You Will Make in this Role:

The Detection Engineering Manager is a hands-on, player/coach leader who builds and scales high-fidelity threat detections across enterprise and manufacturing/OT environments. This role is pivotal to reducing attacker dwell time and improving security outcomes by increasing detection coverage, improving signal quality, and enabling faster, more consistent investigations and containment. You will set direction, develop talent, and partner closely with SOC, IR, Threat Intelligence, IT, and OT, while still doing meaningful technical work yourself. The ideal candidate blends deep detection engineering expertise with strong leadership, curiosity, and a drive to continuously raise the bar.

If you love solving hard detection problems, turning adversary behavior into actionable analytics, and building a high-performing engineering culture, this role gives you the runway to make a measurable impact.

Why this Role is different:

• You’ll build: this role expects real technical ownership, not just delegation.
• You’ll lead: you’ll guide a team and set standards that scale.
• You’ll influence: your work directly improves investigation speed, signal quality, and operational outcomes across enterprise and manufacturing.

Key Responsibilities:

Management

• Manage and mentor a team of detection engineers, building a culture of engineering rigor, innovation, and accountability.
• Operate as a hands-on manager: personally own and deliver key detections and technical initiatives while leading team outcomes.
• Define and execute detection engineering strategy aligned with business risk, operational priorities, and organizational goals.
• Own the detection engineering operating rhythm: intake, backlog prioritization, delivery planning, peer review, and continuous improvement.
• Establish quality standards (testing, documentation, validation evidence, monitoring) and ensure detections are production-ready before release.
• Lead initiatives to automate detection engineering workflows (content-as-code, validation pipelines, regression checks) to improve speed and consistency.
• Oversee the lifecycle of detection engineering work, including prioritization, resource allocation, delivery tracking, and performance management.

Technical

• Design, develop, and optimize detection logic, signatures, and analytics across SIEM, EDR, and cloud-native platforms.
• Personally own a portfolio of high-impact detections (complex use cases, top risks, hardest-to-detect behaviors) and mentor the team on broader coverage.
• Translate adversary behaviors into actionable detections using frameworks like MITRE ATT&CK and kill-chain models; measure and expand coverage over time.
• Conduct detection gap analysis and threat modeling to prioritize improvements based on exposure, telemetry readiness, and business impact.
• Build and maintain strong validation practices: testing, replay/verification, tuning, regression checks, and performance monitoring.
• Integrate threat intelligence into detection priorities and workflows to keep detections aligned to the evolving threat landscape.
• Ensure detections are operationally useful: strong context and enrichment, clear severity guidance, and defined next steps for responders.
• Stay current with emerging threats, tools, and techniques; rapidly adapt detections to changing adversary tradecraft.

Organizational

• Partner with SOC, Incident Response, and Threat Intelligence to align detections to investigation workflows, escalation criteria, and containment actions.
• Collaborate with IT, OT/manufacturing stakeholders, and service providers to ensure visibility, logging coverage, and end-to-end detection effectiveness.
• Communicate detection strategy, risk coverage, and outcomes clearly to both technical and non-technical stakeholders, including executive leadership.
• Ensure detection engineering practices support compliance with internal policies and applicable external regulatory requirements.
• Maintain audit-ready documentation and evidence (rationale, test results, change history, ownership, and monitoring insights).

Your Skills and Expertise:

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (completed and verified prior to start) from an accredited university.
• 7+ years of experience in cybersecurity, with at least 3 years in a technical lead or leadership capacity focused on detection engineering, threat detection, or SOC engineering.
• Demonstrated ability to lead teams while remaining hands-on in technical delivery (player/coach model).

Additional qualifications that could help you succeed even further in this role include:

• Master’s degree preferred.
• Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Google Sec Ops) and EDR solutions (e.g., CrowdStrike, Defender for Endpoint).
• Proficiency in detection/query languages and formats (e.g., KQL, SPL, Sigma) and scripting/automation to accelerate detection engineering workflows.
• Proven experience building mature detection lifecycle practices (testing, tuning, monitoring, regression checks, controlled releases).
• Strong knowledge of adversary tactics, techniques, and procedures; ability to map detections to ATT&CK and demonstrate measurable coverage improvements.
• Experience operationalizing threat intelligence into detection priorities and outcomes for advanced threats.
• Excellent analytical and problem-solving skills; comfortable balancing precision, scale, and operational usability.
• Ability to present technical concepts to non-technical audiences and influence cross-functional partners.
• Demonstrated ability to lead, coach, and advise team members across cultural and generational boundaries.
• Passion for automation, continuous improvement, and building durable engineering systems that scale.

Work location: On site in Austin TX

Travel: May include up to 10%

Relocation Assistance: Is authorized

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

Supporting Your Well-being 

3M offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope. 

Chat with Max

For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on 3M.com/careers. 

Applicable to US Applicants Only:The expected compensation range for this position is $212,947 - $260,268, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/.

Good Faith Posting Date Range 02/17/2026 To 03/19/2026 Or until filled

All US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M. This agreement lays out key terms on using 3M Confidential Information and Trade Secrets. It also has provisions discussing conflicts of interest and how inventions are assigned. Employees that are Job Grade 7 or equivalent and above may also have obligations to not compete against 3M or solicit its employees or customers, both during their employment, and for a period after they leave 3M.

Learn more about 3M’s creative solutions to the world’s problems at www.3M.com or on Instagram, Facebook, and LinkedIn @3M.

Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.

Safety is a core value at 3M. All employees are expected to contribute to a strong Environmental Health and Safety (EHS) culture by following safety policies, identifying hazards, and engaging in continuous improvement.Pay & Benefits Overview: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/

3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.

Please click on the following links and select the country where you are applying for employment to review the applicable Terms of Use (link here) and Privacy Policy (link here). Before submitting your application, you will be asked to confirm your agreement with the terms.