Sr Threat Detection Engineer - INTL India
Insight Global - Wilmington, DE
Job Description

We are seeking a highly experienced Senior Detection Engineer to lead the development and optimization of advanced threat detection and response capabilities across endpoint, identity, cloud, SaaS, and OT/xOT environments. This role requires deep expertise in the CrowdStrike ecosystem (Falcon Endpoint, Next-Gen SIEM, Identity Protection (IDP), FUSION), SOAR platforms, and cloud security. You will serve as the CrowdStrike SME—owning sensor deployment, troubleshooting, automation, and query development—while partnering with SOC, Cloud, Infrastructure, and Application teams to measurably reduce risk and drive secure architecture and engineering initiatives. This employee will need to work US hours, specifically 8AM-5PM EST.

Key Responsibilities

• Own CrowdStrike detections—author, test, and tune in Falcon/Next-Gen SIEM/FUSION; leverage IDP for identity attacks.
• Hunt and validate using FQL/CQL; measure detection fidelity and reduce false positives.
• Build cloud detections for AWS/Azure/GCP and integrate cloud-native logs and controls.
• Engineer the telemetry pipeline with Cribl: normalize, enrich, and route data to SIEM.
• Operate the CrowdStrike stack end-to-end: sensor deployment/health, telemetry gaps, escalations; engage CrowdStrike support.
• Design SOAR automations and safe containment to shrink MTTD/MTTR; integrate with IR/compliance workflows.
• Translate MITRE ATT&CK and threat models into prioritized detection use cases and playbooks.
• Partner with Infra/Cloud/SOC to harden endpoints, identity, and M365/SaaS security configurations.
• Lead OT/xOT visibility and low-impact rollout of detections where applicable.
• Mentor engineers/analysts and maintain standards, runbooks, and incident playbooks.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day.
We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Skills and Requirements

• 5+ years in detection engineering, threat hunting, or security operations.
• Endpoint & identity detection expertise—CrowdStrike Falcon/IDP preferred—plus strong proficiency in modern SIEMs (e.g., Splunk, Microsoft Sentinel, CrowdStrike "Next-Gen SIEM") and SOAR.
• Cloud security across AWS and/or Azure, including secure architecture and workload protections.
• Detection engineering & automation: rule authoring/tuning, query languages (FQL/CQL, KQL, SPL), and scripting (Python/PowerShell).
• Telemetry engineering & troubleshooting: sensor/agent health and log pipelines (e.g., Cribl or similar) to ensure reliable, high-fidelity detections.
• Familiarity with MITRE ATT&CK, NIST 800-53, and modern detection frameworks.
• Expertise in data pipeline optimization (Cribl or similar) for log normalization and enrichment.
• Strong background in endpoint and identity security (EDR/XDR, MFA, Conditional Access).
• Knowledge of DevSecOps practices: integrating SAST/DAST/SCA into CI/CD and detection-as-code workflows.
• Experience with SaaS security posture management and UEBA for cloud apps.
• Exposure to OT/xOT security and industrial network monitoring.
• Certifications such as CISSP, GIAC (GDSA/GMON/GCIA), OSCP, CCSK/CCSP, or vendor-specific cloud/security certs.
• Familiarity with AI/ML security concepts and adversary emulation techniques.
• Threat intelligence integration: correlating IOCs, leveraging TI platforms, and supporting proactive detection.
• Secure API design and testing aligned with OWASP API Top 10.
Created: 2026-02-26