Senior Detection Engineer

The Red Canary Detection Engineering team at Zscaler continues to push the boundaries of threat detection and response with a unique combination of operations, threat research, and engineering in tight integration with the development team that designs our analysis platform and the Red Canary Threat Detection Engine. The security landscape is always shifting and introducing new adversaries and our team operates 24/7 to track down threats in endpoint data and deliver fast and practical detections to our customers.

Role

We are looking for an experienced Senior Detection Engineer to join our Detection Engineering team. This is a remote role, reporting to the Manager, Detection Engineering. You will utilize our detection platform to analyze EDR telemetry, alerts, and log sources across several detection domains including Endpoint, Identity, SIEM, and Cloud. By researching coverage opportunities, creating and tuning detectors, and leading projects to improve the Detection Engineering workflow through orchestration and automation, you will ensure our customers receive high-fidelity threat analysis and concisely written communication regarding emerging threats.

What you’ll do (Role Expectations)

• Analyze EDR telemetry, alerts, and log sources across several detection domains including Endpoint, Identity, SIEM, and Cloud/SaaS

• Publish threats for customers using concisely written communication to effectively convey key indicators and remediation context

• Research coverage opportunities to create new detectors and tune existing ones to ensure high-fidelity detection

• Improve the Detection Engineering workflow through orchestration and automation to manage high volumes of telemetry

• Provide mentorship to peers and lead projects that improve the quality of life for both the customer and the CIRT

Who You Are (Success Profile)

• You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. True ownership involves leveraging dynamic range: the ability to navigate seamlessly between high-level strategy and hands-on execution.

• You are a problem-solver. You love running towards the challenges because you are laser-focused on finding the solution, knowing that solving the hard problems delivers the biggest impact.

• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

• You are a learner. You have a true growth mindset and are obsessed with your own development, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.

What We’re Looking for (Minimum Qualifications)

• Strong experience in Endpoint (MDR) and one or more functional areas including Cloud/SaaS, Identity, Email, or SIEM

• Proven experience with automation and orchestration to effectively handle an extreme volume of telemetry and logs

• Expertise using query languages and understanding syntax across EDR or other security platforms such as SQL or Lucene

• Experience creating and tuning detectors or rules using tools such as YARA, SIGMA, Snort, Splunk, or Elastic

• Ability to work the required shift from Wednesday to Saturday, 5pm MST – 3am MST

What Will Make You Stand Out (Preferred Qualifications)

• Active involvement in the Infosec community through writing blogs, participating in webinars, or presenting at conferences

• Experience using version control software such as GitHub or CircleCI for the deployment of detectors and rules

• Previous professional experience in a Red Team or offensive security capacity