SIEM Detection Engineer jobs in United States

Blackpoint Cyber · 19 hours ago

SIEM Detection Engineer

Blackpoint Cyber is the leading provider of world-class cybersecurity threat hunting, detection and remediation technology. As a SIEM Detection Engineer, you will focus on building and tuning high-fidelity detections using SIEM data sources while collaborating closely with SOC analysts and threat hunters to enhance detection capabilities and reduce alert fatigue.

Computer, Cyber Security, Network Security, Software
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Create, test, and maintain detection logic and rules for new and emerging threats using SIEM telemetry
Tune alerts to reduce false positives and ensure detection rules have minimal gaps, maximizing the efficiency and accuracy of our 24x7 SOC
Build and refine detections using diverse log sources and integrations, including firewall and network security telemetry (e.g., FortiGate, SonicWall, and similar platforms), plus endpoint, identity, cloud, and DNS data where available
Collaborate with SOC analysts to identify common patterns and trends across customer environments and translate them into durable detection content
Assist in designing dashboards/visualizations to track threat trends, detection performance, and customer-specific patterns
Partner with ingestion/platform teams to troubleshoot parsing, normalization, indexing, and data availability issues impacting detection quality
Build or maintain test environments and validation workflows to safely verify detections against real-world attacker TTPs
Support incident response efforts by reviewing activity mitigated by the SOC and writing detections based on observed tradecraft
Contribute to enrichment and automation improvements (light scripting, workflow enhancements, alert context) to reduce investigation time and improve analyst decision-making

Qualifications

SIEM detections, Threat hunting, Data ingestion troubleshooting, Network security logs, Basic scripting, Windows threat indicators, Collaboration with SOC, Experience in SOC, Communication, Problem-solving skills

Required

Five (5+) years of experience in an information security role. Progressive relevant training and/or certification may be substituted for one (1) year of the experience requirement
Strong experience writing SIEM detections and queries (e.g., Elasticsearch/Kibana or similar)
Familiarity with common network security and firewall logs and the ability to interpret and detect threats from them (e.g., FortiGate, SonicWall, and other vendor integrations)
Familiarity with schemas such as OCSF
Working knowledge of Windows threat indicators and common attacker behaviors (process execution, persistence, lateral movement, credential access, C2 patterns)
Knowledge of attacker tools, including legitimate software abused for malicious purposes
Familiarity with parent/child process relationships, command-line arguments, and how they are used to identify suspicious activity
Ability to troubleshoot and debug data ingestion issues, including parsing problems, missing fields, and normalization gaps
Excellent communication skills to summarize findings and present detection rationale, coverage, and trends
Ability to work independently with strong problem-solving skills

Preferred

Experience working in a SOC, Threat Hunting, or DFIR is preferred
Two (2+) years of experience with system tuning and/or engineering (SIEM, EDR, logging pipelines, or analytics platforms)
Experience with log onboarding and integrations (syslog, agents, API-based collection) across common MSP stacks
Basic scripting/automation experience (Python and/or PowerShell) to support enrichment, detection testing, or workflow improvements
Experience creating Sigma and/or YARA rules and validating against adversary TTPs
Proficiency using Power BI or building Kibana dashboards for detection and trend visualization
Network/System Administration experience
CRTO, eCPTX, or other relevant certifications
Deep forensic knowledge of Windows, macOS and/or Linux
Malware analysis experience (behavioral and/or static analysis)

Benefits

Health, Vision, Dental, and Life Insurance plans
Robust 401k plan
Discretionary Time Off
Other minor perks

Company

Blackpoint Cyber

Blackpoint Cyber is a provider of cybersecurity threat hunting, detection, and response technology.

H1B Sponsorship

Blackpoint Cyber has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2025 (1), 2024 (2)

Funding

Current Stage: Growth Stage
Total Funding: $201.4M
Key Investors: Bain Capital Tech Opportunities, WP Global Partners, Adelphi Capital, Telcom Ventures
2023-06-08: Series C · $190M
2022-05-20: Series B
2020-07-08: Series B · $5.4M

Leadership Team

Jon Murchison, Founder and Executive Chairman
Manoj Srivastava, Chief Technology and Product Officer
Company data provided by crunchbase