
Sr. Detection Engineer

Fast Facts

Pluralsight is seeking a Senior Detection Engineer to enhance their Security Engineering & Operations team, focusing on building detection logic and managing SIEM technologies to ensure effective security monitoring.

Responsibilities: Design and develop high-fidelity detection rules, provide Tier 3 operational support, manage SIEM architecture and data onboarding, as well as collaborate with managed detection providers.

Skills: Proficiency in SIEM content development, strong scripting skills (Python, Bash, etc.), deep understanding of information security principles, and familiarity with cloud security detection strategies.

Qualifications: 3+ years of experience in detection engineering, a relevant bachelor’s degree, and recognized certifications such as GCIA or CEH.

Location: Remote - USA, applicants within 45 miles of Westlake/Dallas, TX office should expect to work on-site Tuesday through Thursday, with remote flexibility on Mondays and Fridays.

Compensation: $117,100 - $154,000 / Annually




Job Description:

Pluralsight is the technology workforce development company that helps teams build better products by knowing more and working better together. We are seeking an experienced Senior Detection Engineer to join our Security Engineering & Operations team.

While the Operations team responds to fires, you will be the architect of the smoke detectors. You will work closely with the Senior Manager of Security Operations to engineer the SIEM, manage the lifecycle of detection rules, and ensure our 24/7 SOC has high-fidelity alerts. Your primary focus will be Detection-as-Code: treating security alerts as engineering problems that require tuning, testing, and version control.

Who you’re committed to being:

  • A Builder at Heart: You don’t just consume alerts; you build the logic that generates them. You possess a deep technical understanding of SIEM technologies and know how to onboard custom log sources.
  • A Critical Thinker: You weigh the tradeoffs between security risk aversion and business priority. You know how to tune out the "noise" to find the "signal."
  • A Tenacious Problem-Solver: You investigate root causes. If a data feed breaks, you fix it. If an alert triggers too often, you refine the logic.
  • A Continuous Learner: You are curious by nature. You stay ahead of the curve on new adversarial techniques (TTPs) and translate that knowledge into new detection rules.
  • A Collaborative Communicator: You are an effective champion within the information security community and the business, using data to drive decisions.

What you’ll do:

  • Detection Logic Lifecycle: Design, develop, and tune high-fidelity detection rules (SIEM content) based on the MITRE ATT&CK framework to identify malicious activity across our ecosystem (Endpoints, Cloud, Network).
  • Tier 3 Operational Support (20%): You will not just build the alerts; you will validate them. You will dedicate ~20% of your time to serving as the primary escalation point for the MDR and SOC. You will perform deep-dive analysis on complex incidents, handling the investigations that require engineering-level insight.
  • SIEM Architecture & Health: Partner with infrastructure teams to validate log ingestion health, parse custom log sources, and enforce data retention lifecycles to satisfy compliance requirements.
  • Data Onboarding: Lead the engineering effort to ingest data from new tools (Cloud APIs, SaaS apps, custom internal apps) into the SIEM, ensuring data quality and CIM compliance.
  • MDR/SOC Enablement: Collaborate with our Managed Detection and Response (MDR) providers. You will translate raw data into actionable alerts and provide feedback on their triage quality.
  • Adversary Simulation: Proactively test your detection rules against known attack vectors to verify they trigger as expected before a real attack occurs.

Experience you’ll bring:

  • Familiarity with Cloud Security detection strategies (AWS/Azure/GCP) and Endpoint telemetry (EDR process trees).
  • Experience working with common adversarial tactics, techniques, and procedures (MITRE ATT&CK TTPs) and mapping them to detection rules.

Requirements:

  • 3+ years of proven experience in SIEM Content Development or Detection Engineering.
  • Bachelor of Science in CIS/MIS/CS/CE, Engineering, or related field (or equivalent experience).
  • Possess DoD 8570/8140 recognized certifications for CSSP Analyst or Infrastructure Support, such as GCIA, GMON, GCDA, CEH, or CySA+.
  • Proficiency in SIEM-specific content development (e.g., writing advanced queries in SIEM, creating dashboards, and building correlation searches).
  • Strong scripting skills (Python, Bash, or PowerShell) for API integration and data manipulation.
  • Deep understanding of information security principles, cryptographic methods, and network protocols (TCP/IP, DNS, HTTP/S).
  • This is a remote role; however, applicants located within 45 miles of our Westlake/Dallas, TX office should expect to work on-site Tuesday through Thursday, with remote flexibility on Mondays and Fridays. This approach enables more effective collaboration, quicker decision-making, and a stronger culture, while still providing flexibility.

Why you’ll love working here:

  • We’re a blended workplace, where team members work remotely or in a hybrid setup depending on their role and location
  • We’re mission driven and guided by our culture pillars
  • We have a strong commitment to diversity and belonging
  • We cultivate a culture of trust, autonomy, and collaboration
  • We’re lifelong learners and champion team member growth and advancement
  • We’ve got you covered - team member benefits include competitive compensation packages, medical coverage, unlimited PTO, wellness reimbursements, Pluralsight subscription, professional development funds and more.

About us:

Pluralsight provides the only learning platform dedicated to accelerating the technology skills and capabilities of today’s tech workforce. Thousands of companies, government organizations and individuals around the world rely on Pluralsight to support critical technology skill development in areas that are crucial to innovation, including artificial intelligence, cloud computing, cybersecurity, software development, and machine learning. Pluralsight provides highly curated content developed by vetted technology experts, industry-leading skill assessments, and hands-on, immersive learning experiences designed to help individuals skill up faster.

Physical Requirements:

This role is primarily performed in an office or home office setting and involves standard computer-based work.

EEOC Statement & Accommodations Statement:

Bring yourself. Pluralsight is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status. We also consider qualified applicants with criminal histories, consistent with EEOC guidelines and local laws.

If you need an accommodation to apply, interview, or perform essential job functions, please visit the bottom of our website to learn how to request an accommodation. Learn more about our commitment to diversity, equity, inclusion, and belonging in our DEIB Report.

The annual US base salary range for this role is $117,100 - $154,000 USD. Actual compensation will depend on location, skills, experience, and other factors. Additional benefits and bonuses may apply.

Applications must be submitted within 90 days after the initial posting date to be considered.

Please be aware of recruiting scams. We’ll only contact you from an @pluralsight.com email or verified channels. We never ask for sensitive personal info or payments as part of the hiring process. All openings are posted on our Careers page.



Employment type: Full-time, remote
Date posted: November 30, 2025