Detection Engineer

About Hunter Strategy

Hunter Strategy has a unique philosophy to technical project delivery. We treat all our customers like mission partners because they rely on our team to meet their objectives through complex software engineering, cloud operations, and cyber risk management solutions. Hunter Strategy was founded on the premise that IT is 21st century infrastructure - critically important but only instrumentally valuable. Accordingly, our teams look at problems with a single objective: the identification and enablement of the right capability to address the most vexing problems our Mission Partners face. We continue to support our partners' success by leveraging the right technology, with the right plan, and the right team to address tomorrow's challenges today.

Detection Engineer

We are seeking a motivated and technically skilled Detection Engineer to join our growing Detection Engineering team. This role is ideal for a self-starter who thrives in building scalable, automated solutions and wants to play a critical part in shaping the future of our detection engineering practice.

As part of our MSSP SOC Engineering group, you will design, build, and deploy high-quality detections across multiple SIEM platforms (primarily Microsoft Sentinel, Splunk, and Google SecOps). You will work closely with both internal stakeholders and client teams, ensuring that detections align with business needs, normalize effectively across data sources, and scale consistently across environments.

Our team is focused on engineering automation, scalable design, and operational excellence. You will help transition the team into a more technical, engineering-led practice while directly supporting client environments and security outcomes.

Key Responsibilities:

• Detection Development: Design, implement, and optimize detection use cases across SIEM platforms beyond vendor-built detections (Microsoft Sentinel, Splunk, Google SecOps), ensuring they are scalable and reusable.

• Client Engagement: Participate in client standups and working sessions to capture business requirements, translate them into technical detections, and advise on detection strategy.

• SIEM Expertise: Apply a strong understanding of SIEM setup and operations, including data normalization (e.g., Sentinel ASIM, Splunk Data Models, etc.) and best practices for long-term success.

• Collaboration & Documentation: Work with peers across engineering, SOC (Security Operation Center), CTI (Counter Threat Intelligence), and OSO (Offensive Security Operations) to continuously refine detection coverage. Maintain documentation in Confluence and version control systems (Gitlab/GitHub).

• Innovation & Initiative: Identify gaps, bring forward new ideas, and independently drive improvements in detection coverage, scalability, and automation.

Desired Qualifications:

• Technical SIEM Experience: Proficiency with at least two of the following: Microsoft Sentinel (KQL), Splunk (SPL), or Google SecOps (YARA-L).

• Detection Engineering Background: Demonstrated experience building, tuning, and maintaining detections in enterprise SIEM environments.

• SIEM Setup Knowledge: Understanding of data ingestion, parsing, normalization, and schema alignment. Experience configuring SIEMs for long-term operational success.

• Client-Facing Skills: Strong communication skills and experience engaging with customers to gather requirements, present solutions, and build trust.

• Tools & Platforms: Working knowledge of JIRA, Confluence, and related workflow tools.

• Preferred: Experience with detection frameworks (e.g., MITRE ATT&CK), cloud-native services (Azure, AWS, GCP), or prior SOC/MSSP experience.