**What You Will Do**

+ Design, develop, and maintain detection logic across endpoint, network, and cloud environments
+ Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP solutions
+ Leverage Cyberhaven to build and enhance data exfiltration and insider risk detections
+ Analyze logs and telemetry to identify attack patterns, anomalies, and emerging threats
+ Continuously improve detection quality by reducing false positives and increasing signal fidelity
+ Partner with Incident Response and Security Operations to investigate alerts and refine detection strategies
+ Develop and document detection use cases, playbooks, and workflows
+ Stay current with adversary tactics, techniques, and procedures (TTPs) and translate them into actionable detections
+ Contribute to detection automation and engineering initiatives to improve scalability and efficiency

**What You Need to Succeed**

+ Strong experience with **Data Loss Prevention (DLP) tools and workflows such as Cyberhaven and Microsoft Purview**
+ Experience with **CrowdStrike and Zscaler** (or comparable EDR and network security platforms)
+ Deep understanding of **Windows event logs** and other investigation-relevant artifacts
+ Experience working with **SIEM platforms, log management systems, and endpoint security tools**
+ Strong analytical and critical thinking skills with exceptional attention to detail
+ Ability to investigate complex security events and translate findings into detection improvements
+ Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts
+ Strong interpersonal skills and the ability to collaborate effectively across security, IT, and engineering teams
+ Self-driven with a continuous improvement mindset

**What Helps You Stand Out**

+ Experience building detections mapped to frameworks such as MITRE ATT&CK
+ Familiarity with scripting or query languages (e.g., Python, KQL, SPL, SQL)
+ Experience with insider threat or data exfiltration detection strategies
+ Background in threat hunting or incident response

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive.

The estimated total cash compensation range for this role is: $124,000-$155,000 USD

To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof of and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc.