Sr Threat Detection Engineer - INTL India

Remote Full-time
We are seeking a highly experienced Senior Detection Engineer to lead the development and optimization of advanced threat detection and response capabilities across endpoint, identity, cloud, SaaS, and OT/xOT environments. This role requires deep expertise in the CrowdStrike ecosystem (Falcon Endpoint, Next-Gen SIEM, Identity Protection (IDP), FUSION), SOAR platforms, and cloud security. You will serve as the CrowdStrike SME, owning sensor deployment, troubleshooting, automation, and query development, while partnering with SOC, Cloud, Infrastructure, and Application teams to measurably reduce risk and drive secure architecture and engineering initiatives. This employee will need to work US hours, specifically 8AM-5PM EST.

Key Responsibilities
• Own CrowdStrike detections: author, test, and tune in Falcon/Next-Gen SIEM/FUSION; leverage IDP for identity attacks.
• Hunt and validate using FQL/CQL; measure detection fidelity and reduce false positives.
• Build cloud detections for AWS/Azure/GCP and integrate cloud-native logs and controls.
• Engineer the telemetry pipeline with Cribl: normalize, enrich, and route data to SIEM.
• Operate the CrowdStrike stack end-to-end: sensor deployment/health, telemetry gaps, escalations; engage CrowdStrike support.
• Design SOAR automations and safe containment to shrink MTTD/MTTR; integrate with IR/compliance workflows.
• Translate MITRE ATT&CK and threat models into prioritized detection use cases and playbooks.
• Partner with Infra/Cloud/SOC to harden endpoints, identity, and M365/SaaS security configurations.
• Lead OT/xOT visibility and low-impact rollout of detections where applicable.
• Mentor engineers/analysts and maintain standards, runbooks, and incident playbooks.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience
• 5+ years in detection engineering, threat hunting, or security operations.
• Endpoint & identity detection expertise (CrowdStrike Falcon/IDP preferred), plus strong proficiency in modern SIEMs (e.g., Splunk, Microsoft Sentinel, CrowdStrike "Next-Gen SIEM") and SOAR.
• Cloud security across AWS and/or Azure, including secure architecture and workload protections.
• Detection engineering & automation: rule authoring/tuning, query languages (FQL/CQL, KQL, SPL), and scripting (Python/PowerShell).
• Telemetry engineering & troubleshooting: sensor/agent health and log pipelines (e.g., Cribl or similar) to ensure reliable, high-fidelity detections.

Nice to Have Skills & Experience
• Familiarity with MITRE ATT&CK, NIST 800-53, and modern detection frameworks.
• Expertise in data pipeline optimization (Cribl or similar) for log normalization and enrichment.
• Strong background in endpoint and identity security (EDR/XDR, MFA, Conditional Access).
• Knowledge of DevSecOps practices: integrating SAST/DAST/SCA into CI/CD and detection-as-code workflows.
• Experience with SaaS security posture management and UEBA for cloud apps.
• Exposure to OT/xOT security and industrial network monitoring.
• Certifications such as CISSP, GIAC (GDSA/GMON/GCIA), OSCP, CCSK/CCSP, or vendor-specific cloud/security certs.
• Familiarity with AI/ML security concepts and adversary emulation techniques.
• Threat intelligence integration: correlating IOCs, leveraging TI platforms, and supporting proactive detection.
• Secure API design and testing aligned with OWASP API Top 10.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.