Detection Engineer, Google SecOps | Remote, USA

We are looking for a highly motivated Detection Engineer to join our growing team. In this role, you will be instrumental in developing, deploying, and refining the detection logic that protects our diverse client base. You'll gain invaluable experience mastering the Google SecOps ecosystem, translating threat intelligence into actionable detections, and collaborating closely with our SOC analysts and security engineers to stay ahead of the latest adversary techniques. This is a foundational role designed for growth, providing direct mentorship and a clear path to becoming a detection expert.

How you'll make an impact:

• Develop & Refine Detections: Under the guidance of senior engineers, assist in designing, writing, testing, and deploying high-fidelity detection rules
• Google SecOps Expertise: Deepen your understanding and hands-on experience with Chronicle SIEM to enhance detection capabilities.
• Telemetry Analysis: Work with rich security telemetry from various sources (endpoint, network, cloud, identity, application logs) ingested into Chronicle, identifying data points crucial for effective detection.
• Threat Intelligence Application: Learn to operationalize threat intelligence, converting adversary TTPs and IOCs into concrete detection logic.
• Tuning & Optimization: Monitor the performance of existing detections, analyze false positives/negatives, and contribute to tuning efforts to improve signal-to-noise ratio for our SOC analysts.
• Threat Hunting Support: Assist in developing and executing targeted queries within Chronicle to proactively search for emerging threats and previously undetected activities.
• Tooling & Automation: Gain experience with SOAR tools, supporting the integration of detection workflows and data enrichment processes.
• Collaboration: Work closely with SOC analysts, Threat Hunters, and fellow Detection Engineers to understand operational needs, incident trends, and areas for detection improvement.
• Documentation: Contribute to clear and concise documentation of detection logic, use cases, and testing procedures.
• Stay Current: Continuously research new attacker techniques, security vulnerabilities, and advancements in the Google SecOps suite.

What we're looking for:

• Experience: 1-3 years of hands-on experience in a cybersecurity role, such as a SOC Analyst, Incident Responder I, Junior Security Engineer, or a similar role focused on threat analysis.
• Foundational Security Knowledge:
• Strong understanding of cybersecurity principles, common attack vectors, and defensive strategies.
• Familiarity with networking concepts (TCP/IP, common protocols) and operating system internals (Windows, Linux, macOS).
• Basic knowledge of cloud computing concepts, especially GCP.
• Hands-on Google SecOps (Highly Preferred):
• Some practical experience with Google Chronicle Security Operations is a significant advantage.
• Familiarity with YARA-L or a strong aptitude to learn it quickly.
• Eagerness to become a specialist in the Google SecOps ecosystem.
• Querying & Scripting Skills:
• Proficiency with query languages used in SIEM platforms (e.g., familiarity with SPL, KQL, SQL, or similar; will train on YARA-L).
• Exposure to or strong desire to learn a scripting language for automation and data analysis (Python highly preferred).
• Analytical & Problem-Solving: Demonstrated ability to analyze security events, identify patterns, and contribute to solutions.
• Communication & Collaboration: Excellent verbal and written communication skills to effectively collaborate with team members and understand requirements.
• Proactive & Curious: A strong desire to learn, adapt, and proactively contribute in a fast-paced, evolving threat landscape.
• Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical field, or equivalent practical experience and certifications.
• Any relevant industry certifications (e.g., CompTIA Security+, CySA+, Google Cybersecurity Certificate, GSEC, GCIH) preferred.
• Experience or strong interest in threat hunting preferred.
• Familiarity with MITRE ATT&CK framework, Sigma, and Detection-as-Code preferred.
• Contributions to open-source security projects or personal security projects preferred.
• Experience working in an MDR or MSSP environment preferred.

Why join us?

• Accelerated Growth: This role is designed for rapid learning, providing mentorship from senior experts and opportunities to specialize in cutting-edge platforms.
• Real-World Impact: Your work directly contributes to securing real businesses from cyber threats every single day.
• Google SecOps Specialization: Become a go-to expert in one of the most powerful and in-demand cloud security platforms on the market.
• Collaborative Culture: Join a supportive, inclusive, and passionate team where knowledge sharing and mutual growth are highly valued.
• Diverse Challenges: Work with a wide array of client environments and threat scenarios, expanding your technical breadth.

What you can expect from Optiv

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.