LinkedIn is the world’s largest professional network, built to create economic opportunity for every member of the global workforce. Our products help people make powerful connections, discover exciting opportunities, build necessary skills, and gain valuable insights every day. We’re also committed to providing transformational opportunities for our own employees by investing in their growth. We aspire to create a culture that’s built on trust, care, inclusion, and fun – where everyone can succeed.
Join us to transform the way the world works.
At LinkedIn, our approach to flexible work is centered on trust and optimized for culture, connection, clarity, and the evolving needs of our business. This role may be remote or hybrid. At LinkedIn, hybrid roles are performed both from home and from a LinkedIn office on select days, as determined by the business needs of the team. Remote roles are performed from the designated home work location upon time of hire, and any changes to this home work location require a review of remote status and approval.
LinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure LinkedIn is secure. We follow industry standards and have developed our own best practices to stay ahead of the increasing number of threats facing all Internet services and infrastructure. LinkedIn is looking for an experienced Engineering Manager to lead the Detection Engineering team in the US and to be an integral part of our Information Security organization. The Detection Engineering team is responsible for developing and maintaining threat detection capabilities, security monitoring systems, and detection rules to protect our infrastructure, applications, and, most importantly, our members. This is a key role in supporting and growing our security detection and monitoring capabilities.
Responsibilities:
Leadership and Team Management
Lead and manage the detection engineering team, including hiring, training, and mentoring team members.
Develop and maintain detection engineering policies, procedures, infrastructure, and guidelines.
Coordinate and oversee all activities of the detection engineering team during threat detection development and implementation.
Detection Development and Management
Serve as the primary point of contact for all threat detection development and enhancement initiatives.
Ensure timely development, testing, and deployment of detection rules and monitoring capabilities.
Conduct post-deployment analysis and create detailed reports on detection effectiveness with KPIs, including tuning recommendations and optimization strategies.
Communication and Coordination
Communicate detection development status, updates, metrics and reporting, and capabilities to senior management, stakeholders, and security teams regularly.
Coordinate with internal and external teams, including security operations, defense infrastructure, incident response, and product engineering teams to develop and maintain effective detection capabilities.
Develop and maintain an effective detection engineering communication plan.
Continuous Improvement
Continuously evaluate and improve detection engineering processes, tools, and capabilities.
Conduct and report on regular detection testing and validation exercises to test and refine detection rules and monitoring systems.
Stay current with emerging threats, attack techniques, and detection technologies to enhance the detection engineering program.
Reporting and Documentation
Maintain comprehensive documentation of all detection rules, including development rationale, testing results, and performance metrics.
Prepare and present detection engineering reports and metrics to senior leadership and stakeholders.
Ensure compliance with regulatory requirements and industry standards related to threat detection and monitoring.
Training and Awareness
Develop and deliver detection engineering training programs for team members and other relevant personnel.
Promote security detection awareness and best practices across the organization.
Ensure the detection engineering team is up-to-date with the latest tools, techniques, and procedures.
Budget and Resource Management
Manage the detection engineering budget and allocate resources effectively.
Evaluate and recommend tools, technologies, and services to enhance the detection engineering program.
Ensure the team has the necessary resources and support to perform their duties effectively.
Basic Qualifications:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related technical discipline, or equivalent practical experience.
1+ year(s) of management experience or 1+ year(s) of staff level engineering experience with management training.
7+ years of experience in cybersecurity, with a focus on detection engineering, security monitoring, threat intelligence, incident response, or related security roles.
Experience leading or managing a cybersecurity, incident response, or detection engineering team.
Experience in cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK, OCSF).
Experience in detection engineering tools and technologies (e.g., Query Languages, CI/CD, YARA, Sigma rules, threat intelligence platforms).
Experience with threat analysis, detection rule development, automation engineering, and security monitoring optimization.
Project management experience with managing budgets and resources.
Preferred Qualifications:
Master's degree in Cybersecurity, Information Assurance, or a related field.
10+ years of experience in cybersecurity, with significant experience in detection engineering, threat intelligence, or incident response.
3+ years of management experience in building small to medium-sized teams, demonstrating growth and a track record of successful deliveries.
Ability to work under pressure and manage multiple detection development projects simultaneously, as well as manage an on-call team.
Relevant certifications (e.g., CISSP, CISM, GCIH, GCFA, SANS).
Experience in developing and delivering detection engineering training and awareness programs.
Strong proficiency in Kusto Query Language (KQL) and SQL.
Proficiency in programming or scripting languages (e.g., Python, Go, etc.) for automating detection development and testing processes.
Experience with cloud security and detection engineering in cloud environments, especially Azure.
Knowledge of advanced threat detection techniques, including threat hunting and behavioral analysis as well as applied threat intelligence.
Familiarity with detection engineering frameworks and best practices (e.g., Sigma, YARA, STIX/TAXII, OCSF).
Strong communication skills, both written and verbal, with the ability to convey complex technical information to non-technical stakeholders.
Suggested Skills:
Security Information and Event Management (SIEM)
Query languages (KQL, SPL, SQL, Elastic, etc.)
Detection Rule Development (YARA, Sigma)
Scripting and Automation (e.g., Python, PowerShell, SQL)
Threat Intelligence Integration
Cloud Security (e.g., Azure, GCP)
You will Benefit from our Culture
We strongly believe in the well-being of our employees and their families. That is why we offer generous health and wellness programs and time away for employees of all levels. LinkedIn is committed to fair and equitable compensation practices. The pay range for this role is $152,000 - $248,000. Actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations. The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For additional information, visit: https://careers.linkedin.com/benefits.
Equal Opportunity Statement
We seek candidates with a wide range of perspectives and backgrounds and we are proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.
LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful.
If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at [email protected] and describe the specific accommodation requested for a disability-related limitation.
Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to:
A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response.
LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information.
San Francisco Fair Chance Ordinance
Pursuant to the San Francisco Fair Chance Ordinance, LinkedIn will consider for employment qualified applicants with arrest and conviction records.
Pay Transparency Policy Statement
As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: https://lnkd.in/paytransparency.
Global Data Privacy Notice for Job Candidates
Please follow this link to access the document that provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: https://legal.linkedin.com/candidate-portal.