Staff Detection and Response Engineer

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

The Staff Detection and Response Engineer is a critical technical role responsible for driving the organization's defensive security capabilities across detection engineering, security orchestration, automation, and response (SOAR), and co-leading the organization's threat hunting program. This role is crucial for integrating new threat intelligence into high-fidelity detections and automating incident response processes to maximize team efficiency and response speed.

You'll work directly with the Director of Security Monitoring, Detection and Response and collaborate closely with the SOC Manager to co-lead threat hunting initiatives, while partnering with cross-functional security teams to build and scale our security operations capabilities.

You'll be joining a fast-paced security organization that emphasizes automation, engineering-driven approaches, and systematic problem-solving. Our team operates at the intersection of security operations, detection engineering, incident response, and infrastructure security. We value practical solutions, measurable outcomes, and continuous improvement.

• Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)
• Lead detection strategy and architecture aligned with the Detection Quality frameworks
• Write high-fidelity detection rules using languages like SIGMA and YARA-L
• Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
• Conduct detection gap analysis to identify coverage opportunities across the kill chain
• Create and maintain detection playbooks, runbooks, and comprehensive documentation
• Perform detection quality assessments and continuous improvement initiatives

• Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
• Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
• Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
• Develop automated containment actions (account disable, host isolation, firewall rule updates)
• Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency
• Handle Incident Response processes and procedures as needed

• Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning
• Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms
• Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity
• Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor
• Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns

• 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL).
• Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework.
• Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development.
• Proven experience designing and implementing SOAR platform architecture from concept to production.
• Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration.
• Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs.
• Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor.
• Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS.
• Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices.
• Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences.

• Experience with YARA-L.
• Deep familiarity with Detection Frameworks and detection engineering quality frameworks.
• Proven track record implementing SOAR platforms from architecture through operationalization, with experience evaluating multiple platforms.
• Advanced knowledge of CrowdStrike Falcon platform including custom IOA rules.
• Background in purple team activities, adversary emulation, or red teaming.
• Experience with CI/CD practices for detection-as-code and automation-as-code.
• Contributions to open-source security projects or security certifications (GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent).
• Knowledge of security data lakes (Snowflake, BigQuery) and experience with threat intelligence platforms (TIP).
• Published research, blog posts, or conference presentations on detection engineering, automation, or threat hunting topics.

• Strategic Thinker: You design solutions that scale, anticipate future needs, and align with organizational security strategy
• Builder & Architect: You design and build complex systems from the ground up, with focus on maintainability and scalability
• Quality & Precision Focused: You care deeply about detection accuracy, automation reliability, and operational excellence
• Proactive Hunter: You don't wait for alerts—you actively seek threats and continuously question assumptions
• Data-Driven: You use metrics and data analysis to drive decisions, measure impact, and communicate value