
Senior Detection Engineer

Job in Olympia, Thurston County, Washington, 98507, USA
Listing for: Centene Corporation
Full Time position
Listed on 2026-03-04
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below
You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.

**Position Purpose:**

Centene's Detection Engineering team drives threat‑informed defense by designing, implementing, and continuously improving high‑fidelity detections across endpoint, identity, network, cloud, and SaaS telemetry. As a Senior Detection Engineer, you will lead complex detection initiatives, architect coverage strategies, and mentor engineers while partnering closely with SOC/CSMT, CSIRT, Threat Intelligence, and platform owners. Your work will measurably reduce risk and alert fatigue through high‑quality analytics, detection‑as‑code practices, and compelling operational outcomes.

**Design & Delivery:**

+ Own end‑to‑end development of multi‑signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL)

+ Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle‑tested analytics; convert vetted Sigma rules to SPL/KQL where applicable

**Detection‑as‑Code & Quality:**

+ Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise

+ Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations

**Coverage Strategy & Telemetry:**

+ Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps

+ Partner with platform teams to improve data prerequisites (tables, fields, latency) and ensure telemetry health and resilience

**Operations & Collaboration**

+ Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple‑team validations

+ Build tabletop exercises/training for analysts; advise on automation opportunities across SOC/IR workflows

**Leadership & Mentorship:**

+ Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs

+ Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer

**Success Indicators:**

+ Signal quality: detection precision/recall, FP rate, MTTD improvements

+ Coverage depth: ATT&CK technique coverage and telemetry readiness across key domains

+ Operational impact: validated detections adopted by SOC/IR, reduction in alert fatigue, hunts‑to‑detections conversion rate

+ Content velocity & hygiene: time‑to‑deliver new analytics, documentation completeness, CI pipeline health

+ Mentorship & enablement: growth of DE I/II competencies, quality of peer reviews, training outcomes

+ Performs other duties as assigned

+ Complies with all policies and standards

**Education/Experience:**

Requires a Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and 4 - 6 years of related experience.

Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

**Technical Skills:**

+ 3+ years in information security with hands‑on detection engineering (or SOC/IR roles with demonstrated analytics creation)

+ Proficiency in SPL, KQL, and one of IQL/Databricks SQL for multi‑event correlation, enrichment, and replay

+ Demonstrated experience turning IOCs/TTPs into durable analytics; strong ATT&CK fluency and coverage planning

+ Practical detection‑as‑code habits: versioning, change control, backtesting, suppression strategy, CI/CD familiarity

+ Ability to partner with SOC/CSIRT/Threat Intel; communicate trade‑offs clearly and drive measurable outcomes

**Preferred Qualifications:**

+ Experience integrating detections with Wiz and Varonis contexts (identity/data exposure)

+ Prior work in purple…
Position Requirements
10+ Years work experience