Senior Director of Cybersecurity Detection Engineering, Georgia
The Senior Director of Cybersecurity Detection Engineering will lead a team of detection engineers in designing, implementing and maintaining advanced detection capabilities to protect the organization from emerging cyber threats. This pivotal role will enhance Cox Automotive’s next-generation cyber defense practices, enabling rapid threat response and automated remediation. The position will be responsible for developing the detection engineering program strategy and creating metrics to demonstrate continuous improvement. The ideal candidate will possess expert-level knowledge in SIEM implementation, log ingestion, SOAR, incident response, and threat intelligence that will be data-driven with strong verbal, written communication, and leadership skills.
Cybersecurity detection engineering:
- Determine the detection engineering strategy, roadmap, and goals to be achieved.
- Design and implement advanced threat detection techniques using tools such as SIEM, EDR, NDR and SOAR platforms.
- Develop innovative custom detection rules, automated remediation, playbooks, and alerts tailored to the enterprise threat landscape for enterprise and customer security.
- Leverage industry standard MITRE frameworks to define detection coverage and fill gaps.
- Continuously monitor, optimize and improve detection systems for performance, scalability and effectiveness.
- Collaborate with the Threat Detection and Response team to continually improve cybersecurity capabilities for identifying, managing and responding to threats in the most efficient and effective manner.
- Conduct attack simulation testing and purple team exercises, in collaboration with the Vulnerability Management team, to validate the effectiveness of detection use cases.
- Manage and maintain the SIEM/Data Lake data management and log ingestion infrastructure in collaboration with Cyber Defense Engineering.
- Evaluate, validate, adjust and fine-tune detection capabilities as necessary.
- Maintain operational guidelines, diagrams, and documentation for security detection and response.
Incident response support:
- Collaborate with the incident response team to ensure rapid detection and containment of cyber threats.
- Provide technical expertise and guidance for developing detection use cases during high-risk security incidents.
- Continuously improve detection and response processes based on lessons learned from incidents.
- Other duties may be assigned as needed to address new security threats facing the organization.
- Provide out-of-hours support as needed to manage security, detection and response activities.
Threat Intelligence Integration:
- Leverage threat intelligence to proactively enhance detection and risk mitigation capabilities.
- Identify and analyze new and emerging threat vectors and integrate them into detection strategies.
Stakeholder collaboration:
- Partner with cybersecurity, engineering, and other product teams to align detection strategies with organizational goals.
- Communicate detection capabilities and results to technical and non-technical stakeholders, including executive leadership.
Governance and Compliance:
- Ensure that all detection processes and tools adhere to regulatory requirements and industry standards (e.g., GDPR, PCI-DSS, NIST).
- Create and maintain documentation of detection strategies, processes, and configurations.
Professional technical skills (the skills required to perform this job):
- Proven track record of building scalable organizations with world-class threat detection capabilities.
- Technical proficiency in conducting large-scale security investigations, including endpoint, cloud, identity, network and email threats.
- Work with internal IT teams and external MSSPs to create and operate detection engineering use cases for WAF, DDoS protection, email, DLP, AV, and endpoint security technologies.
- Hands-on experience with network, endpoint, cloud and identity detection and response tools as well as SOAR platforms.
- Apply security threat intelligence to identify new threat vectors.
- Lead projects to improve security monitoring and response capabilities.
- Demonstrate a strong security engineering and architectural background to better understand how to use security monitoring most effectively and efficiently.
- Strong operating system internals fundamentals for Linux, macOS, and Windows.
- Demonstrate effective communication of security issues to management and others.
- Maintain detection use case guidelines and SIEM configuration guidelines and standards.
- Proficiency in establishing and managing operational metrics that increase team efficiency and quality.
- Passionate about managing and mentoring individuals pursuing careers in detection engineering.
- Ability to effectively manage relationships with organizational leaders, build a roadmap, and drive broad initiatives to completion.
- Understand machine learning concepts in relation to predictive analytics.
Knowledge, experience and qualifications
Required:
- Bachelor’s degree in Computer Science or equivalent and 8+ years of industry-related professional experience. The right candidate could also have a different combination, such as a master’s degree and 6 years of experience; a Ph.D. and 3 years of experience in a related field; or 20 years of experience in a related field.
- AWS, Azure, and GCP multi-cloud security experience
- Expert level knowledge of detection engineering and security operations
- 3+ years of management or leadership experience with direct people management responsibilities
- Strong experience in information security, network security, security monitoring and incident response.
- Strong experience developing SIEM/SOAR detection and automation use cases.
- Hands-on experience with industry standard security technologies and services such as Threat Intelligence, Firewalls, SASE, IPS, Endpoint Security, DLP, SIEM/SOAR, and Data Lakes.
- Expert-level knowledge of the cyber kill chain and the Diamond Model of intrusion analysis.
- 5+ years of experience in an incident response or security operations role
- 3+ years of leadership experience in a SOC or similar role
- Must live within commutable distance of North Hills, NY or Atlanta, GA and be willing to come on site 3 times a week.
Desirable:
- Certification(s) GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM or CIA
- Experience in Development/Dev Ops/Engineering/Network/System Administration
Compensation:
US$173,900.00 – US$289,800.00
Compensation includes a base salary of $173,900.00 – $289,800.00. Base salary may vary within the expected base salary range based on factors such as the final location of the position and the knowledge, skills and abilities of the selected candidate. The position may be eligible for additional compensation which may include an incentive program.
Benefits:
The Company provides eligible employees with the flexibility to take as much paid leave as they deem consistent with their duties and the needs and obligations of the Company; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness leave per year for their own well-being or that of family members. Employees are also eligible for additional paid leave in the form of bereavement leave, voting leave, jury duty leave, volunteer leave, military leave, and parental leave.
http://www.linuxcareers.com/jobs/senior-manager-of-cybersecurity-detection-engineering-georgia/2407491177-2/