Senior Threat Detection Engineer

Posted about 2 months ago
Company: Lantern
Location: United States, Canada
Employment type: Full-Time
Industry: Healthcare Technology
Languages: English
Seniority level: Senior, 5+ years
Experience: 5+ years
Skills:
Python, SQL, Cloud Computing, Cybersecurity, NumPy, Data engineering, CI/CD, RESTful APIs, Linux, DevOps, Scripting
Requirements:
- 5+ years of professional experience in two or more of the following domains: detection engineering, data engineering, incident response, threat hunting, threat intelligence.
- Refine, validate, and exercise our Threat Detection and Response Programs.
- Ability to measure detection coverage against common frameworks (e.g. NIST CSF, MITRE, KC) and to simplify rules and configurations to optimize alerting.
- Develop detection techniques to protect our evolving environment.
- Ability to automate tasks via scripting, including automating API inputs and outputs, and programming skills (such as Python) to support detection engineering work.
- Exceptional interpersonal, organizational, and communication skills, and the ability to internalize and exemplify Lantern's LIGHT Values.
- Experience in healthcare or other regulated industries.
- Certifications such as GCDA, GCTI, OSCP, or similar.
- Experience with Sigma rules, YARA, and threat modeling.
- Hands-on technical contributor with a demonstrated ability to execute and deliver engineering projects that improve security posture in complex, fast-changing environments.
- Experience designing, coding, and deploying security solutions; comfortable with Python and at least one of Java, Go, C++, JavaScript, Rust, SQL, or TypeScript.
- Practical skills with security tools and scripting: you design, build, and maintain solutions, not just click in a UI.
- Experience writing or refining detection logic for SIEM, EDR, NDR, WAF, or similar tools, with a record of tuning signals and controls for high fidelity and low noise through real-world testing and iteration.
- Proven ability to analyze and defend modern cloud and on-premises environments: you know how to break and fix systems, leveraging tools such as CloudTrail and Security Hub.
- Track record of hands-on threat hunting and incident response, using your engineering skills to create new detections and automate investigation processes.
- In-depth knowledge of attacker TTPs and a technical mindset for designing countermeasures that can be implemented and measured.
- Thrives in a team environment, supporting and mentoring peers with your engineering experience, and eager to tackle the next technical challenge.
Responsibilities:
- Design, implement, and tune detection rules and logic across SIEM, EDR, and cloud platforms.
- Develop and maintain threat detection use cases based on MITRE ATT&CK and other frameworks.
- Perform threat hunting and anomaly detection using behavioral analytics and telemetry.
- Collaborate with IAM, Data Protection, cloud security, and engineering teams to improve detection coverage.
- Analyze threat intelligence and integrate findings into detection strategies.
- Directly monitor, test, and calibrate detection use cases; analyze data to minimize false positives and maximize actionable alerts, proposing and executing code changes to achieve measurable improvements.
- Lead purple team exercises and detection validation efforts.
- Maintain technical documentation by directly managing the materials and summaries of your own work and solutions, and by actively communicating updates to stakeholders.
- Develop use cases based on intelligence, red team results, and incident data.
- Write detection and correlation rules to identify threats across our stack.
- Assist in onboarding logs and identifying gaps in log sources or alert results.
- Develop a deep understanding of data models, macros, indexes, sources, and field aliases, and of the technology foundation our detection stack is built on.
- Understand data schema/API standards, automation, and messaging systems.
- Bring a metric-driven mindset to our rules, signals (IOCs), and alerts.
- Other duties as assigned; we are one family and help each other.