Cloudera

Senior Detection Engineer

Posted 10 Days Ago
Remote
Hiring Remotely in Florida, USA
Senior level

Business Area:

IT

Seniority Level:

Mid-Senior level

Job Description: 

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world's largest enterprises.

As a Senior Detection Engineer at Cloudera, you will fortify our security posture by continuously developing, tuning, and refining our alerting and detection capabilities to stay ahead of evolving threats. This role requires deep technical expertise in cybersecurity and data pipelines, alongside strong problem-solving and communication skills to thrive in both independent and collaborative environments.

Within our Incident Response Team, you will bridge threat intelligence, incident response, and the broader engineering ecosystem. By ensuring our visibility and alerting scale alongside the business, your work will empower our 24/7 operations. Success requires building strong cross-functional relationships, sustaining high performance, and exceptional attention to detail.

As a Senior Detection Engineer, you will:

  • Develop & Refine Detections: Take primary responsibility for developing new alerts and for continuously tuning and refining our current alerting and detection capabilities to reduce false positives and minimize alert fatigue.

  • Align with Incident Response: Communicate proactively with the Incident Response team to determine needed alerting methods and understand the gaps identified during past investigations.

  • Collaborate Cross-Functionally: Work throughout the organization with teams such as Engineering, Sales, SRE, and Product Security to determine critical logging sources and security-related datasets that should be analyzed.

  • Build Actionable Runbooks: Collaborate with these various teams to identify how to properly detect threats within their specific environments and build actionable runbooks tailored to those domains.

  • Optimize Data Ingestion: Assist in the ingestion of new data sources from end products into our SIEM platform, actively working on the parsing of those sources to enable better searching, correlations, and high-fidelity detections.

  • Proactively Address Threats: Create detections in a forward-looking manner to address new threats based upon the current cybersecurity environment, threat intelligence, and ongoing adversary campaigns.

  • Map Coverage Strategies: Map and track detection coverage against industry-standard frameworks, such as MITRE ATT&CK, to identify and remediate visibility gaps across the enterprise.

We are excited about you if you have:

  • Experience: A relevant educational degree or equivalent cybersecurity work experience (3-5 years), with three or more years of technical experience in Detection Engineering, Security Analytics, Threat Hunting, or Incident Response.

  • Analytical Mindset: A robust analytical mindset and self-starter attitude with a genuine interest in forward-thinking Cybersecurity.

  • SIEM Proficiency: Deep proficiency with SIEM platforms, including hands-on experience with data ingestion, custom parsing, and advanced query development.

  • Threat & Attack Knowledge: Strong understanding of cyber threats, attack techniques, and incident response methodologies.

  • Advanced Analytics: Experience leveraging Machine Learning, Deep Learning, or User and Entity Behavior Analytics (UEBA) to build anomaly-based detections that go beyond traditional static rules.

  • Coding & Scripting: Scripting and programming proficiency (e.g., Python, Go, Bash) for automating log retrieval, API integrations, and data parsing tasks.

  • Environment Telemetry: Proficiency in understanding telemetry and security logging across Cloud Environments (AWS, Azure, GCP), endpoints (macOS, Windows, Linux), and network appliances.

  • Communication Skills: Excellent cross-functional communication and relationship-building skills, with the ability to influence and collaborate seamlessly with non-security teams.

You may also have:

  • Advanced Certifications: Supporting certifications such as GIAC (e.g., GCDA - Certified Detection Analyst), AWS Certified Security - Specialty, or SIEM-specific vendor certifications.

  • AI/ML Integration: Experience utilizing AI assistants (e.g., Copilot, LLMs) to streamline scripting, query generation, and data analysis, as well as familiarity with the OWASP Top 10 for LLMs and "Shadow AI" usage.

  • Automation & Orchestration: Experience in Automation and Orchestration, specifically integrating detections with SOAR platforms (e.g., Tines, Splunk Phantom, Torq).

  • Environment & Threat Expertise: Knowledge of Threat Intelligence Methodologies to operationalize IOCs and TTPs, and deep experience securing and gaining visibility into Kubernetes environments.

This role is not eligible for immigration sponsorship.

What you can expect from us:

  • Generous PTO Policy

  • Support for work-life balance with Unplugged Days

  • Flexible WFH Policy 

  • Mental & Physical Wellness programs 

  • Phone and Internet Reimbursement program 

  • Access to Continued Career Development 

  • Comprehensive Benefits and Competitive Packages 

  • Paid Volunteer Time

  • Employee Resource Groups

EEO/VEVRAA

#LI-BV1
#LI-REMOTE

Cloudera Austin, Texas, USA Office

515 Congress, Austin, TX, United States, 78701

