Sr. Analyst, CSOC - Detection Engineering
Job in: New York, New York County, New York, 10261, USA
Listed on: 2026-03-01
Listing for: Saks Fifth Avenue
Position type: Full Time
Job specializations: IT/Tech - Cybersecurity, Security Manager
Job Description:
Salary range: $108,000 - $138,000
WHO WE ARE:
Saks Global is the largest multi-brand luxury retailer in the world, comprising Saks Fifth Avenue, Neiman Marcus, Bergdorf Goodman, Saks OFF 5TH, Last Call and Horchow. Its retail portfolio includes 70 full-line luxury locations, additional off-price locations and five distinct e-commerce experiences. With talented colleagues focused on delivering on our strategic vision, The Art of You, Saks Global is redefining luxury shopping by offering each customer a personalized experience that is unmistakably their own. By leveraging the most comprehensive luxury customer data platform in North America, cutting-edge technology, and strong partnerships with the world's most esteemed brands, Saks Global is shaping the future of luxury retail.
Saks Global Properties & Investments includes Saks Fifth Avenue and Neiman Marcus flagship properties and represents nearly 13 million square feet of prime U.S. real estate holdings and investments in luxury markets.
YOU WILL BE:
An experienced and highly motivated Sr. CSOC Analyst with a focus on Detection Engineering, designing, building, and continuously improving high-fidelity security detections across our cloud and enterprise environments. This role sits at the intersection of Security Operations, Threat Intelligence, and Engineering, with a strong emphasis on Detection-as-Code, automation, and adversary-focused detection engineering.
You will partner closely with SOC analysts, Incident Response, Threat Intelligence, and Cloud Security teams to translate attacker behaviours into scalable, testable, and maintainable detections. You should be comfortable working up to 4 days a week in our NYC or Dallas office.
WHAT YOU WILL DO:
Detection Engineering & Security Operations
* Design, develop, and maintain high-quality detections aligned to real-world adversary behaviours and MITRE ATT&CK techniques.
* Engineer detections across SIEM, EDR, cloud-native security tools, and log pipelines.
* Reduce false positives through tuning, enrichment, and behavioural correlation.
* Support incident response by improving alert fidelity and investigative context.
* Work with cloud-native logs (CloudTrail, Azure Activity Logs, etc.).
Detection as Code (Mandatory)
* Build and manage detections using Detection-as-Code principles (version control, CI/CD, testing, peer review).
* Develop detections in formats such as YAML, Sigma, KQL, SPL, JSON, or custom rule frameworks.
* Implement automated testing and validation of detections using replayed attack data and simulations.
* Maintain detection repositories with clear documentation, ownership, and lifecycle management.
Threat Intelligence & Adversary Emulation
* Translate threat intelligence, IOCs, TTPs, and attack reports into actionable detections.
* Develop behaviour-based detections for advanced threat actors, not just indicator-based alerts.
* Partner with Red Team / Purple Team to validate detections against real attack paths.
* Continuously improve coverage in response to emerging threats and incident learnings.
Automation & Engineering
* Write production-quality code to automate detection deployment, enrichment, and response.
* Build tooling for detection testing, telemetry validation, and metrics.
* Integrate detections with automation and response workflows.
* Bring experience with, or a deep understanding of, building and integrating AI workflows.
WHAT YOU WILL BRING:
* Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or a related field.
* Proven Experience: demonstrated experience in designing and implementing security detections, and a minimum of 5 years of experience in Security Operations (SOC) roles.
* Deep understanding and hands-on experience with major cloud platforms (AWS, Azure), specifically focusing on Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) security controls, APIs, and logging/querying (e.g., CloudWatch Logs/Metrics, Azure Monitor, Azure Activity Log, Splunk, Sigma for Azure/AWS).
* Strong proficiency in at least one scripting/programming language (Python highly preferred). Ability to write, test, and debug code for detection logic and automation.
* Demonstrable experience with detection-as-code principles and specific frameworks (e.g., Sigma, YARA, custom scripts). Experience managing detection life cycles using version control systems (Git).
* Proven hands-on experience configuring, managing, and querying SIEM platforms.
* Experience incorporating threat intelligence (e.g., threat feeds, IoCs, YARA rules, OpenIOC) into detection logic and automated responses.
* Solid grasp of network security, cloud security fundamentals, incident response life cycles, and common attack vectors (e.g., malware, phishing, APTs).
* Excellent analytical abilities to dissect complex problems, identify patterns, and develop effective detection strategies.
YOUR LIFE AND CAREER AT SAKS GLOBAL:
* Opportunity to work in a…