Senior Detection Engineer

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.

Position Purpose: Centene's Detection Engineering team drives threat-informed defense by designing, implementing, and continuously improving high-fidelity detections across endpoint, identity, network, cloud, and SaaS telemetry. As a Senior Detection Engineer, you will lead complex detection initiatives, architect coverage strategies, and mentor engineers while partnering closely with SOC/CSMT, CSIRT, Threat Intelligence, and platform owners. Your work will measurably reduce risk and alert fatigue through high-quality analytics, detection-as-code practices, and compelling operational outcomes.

Design & Delivery:
• Own end-to-end development of multi-signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL)
• Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle-tested analytics; convert vetted Sigma rules to SPL/KQL where applicable

Detection-as-Code & Quality:
• Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise
• Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations

Coverage Strategy & Telemetry:
• Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps
• Partner with platform teams to improve data prerequisites (tables, fields, latency) and ensure telemetry health and resilience

Operations & Collaboration:
• Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple-team validations
• Build tabletop exercises/training for analysts; advise on automation opportunities across SOC/IR workflows

Leadership & Mentorship:
• Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs
• Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer

Success Indicators:
• Signal quality: detection precision/recall, FP rate, MTTD improvements
• Coverage depth: ATT&CK technique coverage and telemetry readiness across key domains
• Operational impact: validated detections adopted by SOC/IR, reduction in alert fatigue, hunts-to-detections conversion rate
• Content velocity & hygiene: time-to-deliver new analytics, documentation completeness, CI pipeline health
• Mentorship & enablement: growth of DE I/II competencies, quality of peer reviews, training outcomes
• Performs other duties as assigned
• Complies with all policies and standards

Education/Experience: A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and 4 - 6 years of related experience, or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

Technical Skills:
• 3+ years in information security with hands-on detection engineering (or SOC/IR roles with demonstrated analytics creation)
• Proficiency in SPL, KQL, and one of IQL/Databricks SQL for multi-event correlation, enrichment, and replay
• Demonstrated experience turning IOCs/TTPs into durable analytics; strong ATT&CK fluency and coverage planning
• Practical detection-as-code habits: versioning, change control, backtesting, suppression strategy, CI/CD familiarity
• Ability to partner with SOC/CSIRT/Threat Intel; communicate trade-offs clearly and drive measurable outcomes

Preferred Qualifications:
• Experience integrating detections with Wiz and Varonis contexts (identity/data exposure)
• Prior work in purple teaming and/or running detection validation exercises
• Familiarity with cloud telemetry (Azure, Entra ID, MDE) and network/HTTP/DNS/SSL flow analysis via NDR
• Contributions to internal content libraries, runbooks, and detection KPIs (precision/recall/coverage)

Soft Skills:
• Intermediate - Seeks to acquire knowledge in area of specialty
• Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
• Intermediate - Ability to work independently
• Intermediate - Demonstrated analytical skills
• Intermediate - Demonstrated project management skills
• Intermediate - Demonstrates a high level of accuracy, even under pressure
• Intermediate - Demonstrates excellent judgment and decision-making skills

License/Certification:
• Certified Threat Intelligence Analyst (CTIA)-ECCOU