Cyber Detection & Automation Engineer

Location:

Detection & Automation Engineer

Position Summary

Our Cyber Detection & Automation team rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat centric defense.

As a member of the Cyber Detection & Automation (CDA) team within Key's Cyber Defense function, you will work both independently and under the guidance of Senior Detection & Automation Engineers in the development of detection logic and automation capabilities that enable our mission to Deter, Detect, Deny, and Disrupt adversaries. This role is pivotal in advancing our threat-centric defense posture by engineering high-fidelity detections, orchestrating response workflows.

You will work across SIEM, SOAR, and DAM platforms to build scalable, resilient detection and response capabilities. You'll also collaborate with Cyber Threat Intelligence, Threat Response, and Engineering teams to ensure our detection strategy aligns with evolving adversary tactics and business risk.

Key Responsibilities

Detection Engineering

* Design and implement detection-as-code rules, alerts, dashboards, and reports across SIEM and log aggregation platforms.

* Translate threat intelligence and adversary TTPs into actionable detection logic using frameworks like MITRE ATT&CK.

* Continuously tune detection content to reduce false positives and improve signal fidelity.

Security Automation

* Develop and maintain SOAR playbooks to automate triage, enrichment, and response actions.

* Identify manual processes suitable for automation and propose solutions to your Senior department leaders to transform the manual processes into orchestrated workflows.

Threat Analysis & Content Development

* Perform event correlation and log analysis to validate detection efficacy and identify gaps.

* Assist in conducting trend analysis to identify emerging threats and detection opportunities.

* Document detection use cases and maintain lifecycle documentation using team standards.

Collaboration & Mentorship

* Partner with Cyber Threat Response and Threat Intelligence teams to align detection priorities.

* Escalate confirmed or suspected malicious activity with contextual analysis.

* Aspire to become a subject matter expert (SME) in selected domain specialties within your team and contribute to team knowledge sharing and training.

Required Qualifications

Technical Expertise

* Understanding of cyber defense principles, adversary TTPs, and detection engineering.

* Proficiency in SIEM query languages, and industry formats (Sigma, YARA-L, etc)

* Working knowledge of scripting languages (PowerShell, Python, JavaScript, Bash)

* Experience with SOAR platforms and automation development.

* Familiarity with cloud security (Azure, AWS, GCP) and integrating cloud telemetry into detection pipelines.

Operational & Analytical Skills

* Strong problem-solving skills and ability to interpret complex log data.

* Experience in documenting and managing detection content lifecycle.

* Ability to communicate technical concepts to both technical and non-technical audiences.

* Ability to perform and apply Critical-Thinking through day-to-day assignments and taskings

Desired Qualifications

* Bachelor's degree in Cybersecurity, Computer Science, or related field-or equivalent experience.

* Minimum 3+ years in security operations, detection engineering, or threat hunting roles.

* Familiarity with the MITRE ATT&CK and D3FEND framework and adversary TTPs.

Preferred Certifications

* Certified Information Systems Security Professional (CISSP)

* Certified Information Security Manager (CISM)

* Certified Information Systems Auditor (CISA)

* CompTIA Security+

* GIAC Certified Detection Analyst (GCDA)

* GIAC Cloud Threat Detection (GCTD)

* GIAC Certified Incident Handler (GCIH)

* GIAC Certified Intrusion Analyst (GCIA)

COMPENSATION AND BENEFITS

TBD

Please click here for a list of benefits for which this position is eligible.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.