AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
The Managed Security Team at AHEAD monitors client environments and performs incident detection, validation, and reporting. The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high‑fidelity detection content within our cloud-based SIEM solutions, and for driving continuous improvement of AHEAD’s Managed Security detection capabilities across all clients.
This is a technical, hands-on position that requires a strong understanding of the needs of a 24/7 Security Operations Center (SOC). We are looking for a candidate with deep SIEM, security operations, and detection engineering experience who will work closely with the Managed Security staff and other highly technical teams, both within AHEAD and in client environments, to continuously improve and enhance AHEAD’s Managed Security SIEM detection strategy, rules, and content.
The ideal candidate possesses strong technical and analytical skills and can provide accurate analysis of security-related problems. They have a well-rounded networking and infrastructure background and are responsible for troubleshooting detection- and data-related issues in client environments. This individual is user-focused and works to resolve client needs in a timely manner. These needs may involve improving or tuning detections, investigating and responding to security threats, and making change requests to security policies and data collection configurations.
The Sr SIEM Detection Engineer is responsible for the day-to-day management and evolution of SIEM detection content used by the Managed Security Team to monitor client environments and detect security threats, including: data ingestion and normalization strategy, enrichment design, detection use case creation and tuning, alert quality and noise reduction, and detection performance monitoring. The Sr SIEM Detection Engineer is expected to be familiar with a wide range of security tools and understand core security detection and threat analysis fundamentals.
Lead and perform detection content development within the SIEM platform (Elastic, Palo XSIAM, Crowdstrike), including:
Creation, tuning, and lifecycle management of detection rules, correlation rules, and analytic stories/use cases
Definition and maintenance of data models, normalization, and enrichment required to support high‑quality detections
Mapping detections to frameworks such as MITRE ATT&CK where applicable
Identify gaps in detection coverage based on incident trends, threat intelligence, and hunt activities
Reduce false positives and improve alert signal‑to‑noise ratio through iterative tuning
Translate playbooks and incident response workflows into robust, testable detection.
Monitor and manage the health and performance of SIEM detection content, including:
Tracking detection firing patterns, volumes, and performance impact.
Conducting post-incident reviews to refine detections and create new coverage.
Ensuring detections remain aligned with client use cases, risk profiles, and contracted scope.
New and existing detections are prioritized based on risk, impact, and available data
Partner with AHEAD Managed Security and client resources in the design and implementation of new data visualizations and detection rules, including:
Building dashboards, visualizations, and investigative views that support triage and hunting
Collaborate with AHEAD Managed Security SOAR (Swimlane) engineering resources to:
Integrate SIEM detections with SOAR workflows for enrichment, triage, and response
Continuously improve incident investigation workflows and automation quality based on detection output
Engage with client security and IT infrastructure teams for new data source onboarding activities, including:
Defining logging, parsing, normalization, and enrichment requirements to support current and planned detections
Validating that ingested data is complete, normalized, and usable for detection engineering
Tune rules, filters, and policies across SIEM and related security technologies (IDS, EDR, firewalls, etc.) to:
Improve accuracy, visibility, and coverage while minimizing noise
Ensure consistent correlation and context across multiple technologies
Perform data mining and exploratory analysis of log sources to:
Uncover and investigate anomalous activity and potential undetected attack patterns
Identify new detection opportunities and support proactive threat hunting
Assist with the development and improvement of processes and procedures for:
Detection lifecycle management (design, testing, deployment, monitoring, retirement)
Improving incident response times, incident quality, and overall Managed Security functions
Participate in client-facing security meetings to:
Explain detection strategy, coverage, and improvements
Experience with Elastic Security and its core components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent), with a focus on detection engineering, rule creation, and data modeling
Strong SIEM administration and configuration experience, particularly around detection use cases, correlation logic, and alert workflows
Experience writing tools or scripts to automate detection-related tasks, data quality checks, and integrations in Python or similar languages
Demonstrated ability to think creatively and build elegant detection solutions to complex security problems
Excellent verbal and written communication skills, including the ability to communicate detection logic and findings to both technical and non‑technical stakeholders
Incident handling/response experience, with a focus on using detections to support and improve IR workflows
Desire to work both independently and collaboratively with a larger managed services and client team
A strong appetite for learning, experimentation, and continuous improvement in detection engineering
2–4 years of experience in Security Detection Engineering, Security Automation, or related disciplines
Hands-on experience with common security technologies: IDS, Firewall, SIEM, SOAR, EDR, endpoint and network security tools
Knowledge of common security analysis tools & techniques, including log analysis, correlation, and anomaly detection
Understanding of common security threats, attack vectors, vulnerabilities, and exploits, and how they manifest in telemetry
Strong regular expression skills and familiarity with query languages used in SIEM platforms
Customer service focused and portrays energy, professionalism, and welcoming characteristics
Strong ability to work in a highly sensitive and confidential environment
Ability to meet deadlines and perform effectively under pressure
Ability to identify issues and help develop strategic and tactical plans for Managed Security and detection-related initiatives
Ability to use good judgment and decision-making skills in ambiguous or complex detection and incident scenarios
Bachelor’s Degree in Computer Science, Information Security, or related/equivalent educational or work experience
One or more of the following certifications is preferred: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer
Ardent MCRemote
Zscaler