Cyber Defense - Defense Engineering Service Lead

Zoetis · Malvern
Full-time · Hybrid · Posted today
Skills: Compliance · Cross-functional Collaboration · Forensics · Incident Response · Leadership · Python
About the role

POSITION SUMMARY

Zoetis is seeking a Defense Engineering Service Lead. In this role, you will lead hands-on detection engineering and Security Operations Center (SOC) operations to rapidly identify, contain, and resolve security threats for enterprise clients. Your expertise in MITRE ATT&CK, adversary tradecraft, and security technologies (SIEM, EDR, NDR) will drive the creation and tuning of high-quality detections, complex investigations, and proactive threat hunting. You will automate response playbooks and integrate tools to build a cohesive defense ecosystem, partnering closely with cross-functional teams to improve signal fidelity, reduce false positives, and accelerate detection and response. In addition, you will mentor analysts, manage client relationships, and ensure programs meet industry frameworks and compliance standards, delivering operational excellence in a fast-paced environment.

POSITION RESPONSIBILITIES

Manage Log Ingestion and Data Normalization: Oversee the onboarding and integration of log sources across enterprise environments, ensuring reliable data ingestion, parsing, and enrichment. Maintain adherence to a Common Information Model (CIM) to standardize event fields, promote interoperability among security tools, and maximize detection fidelity and coverage.

Engineering & Automation: Design, develop, and maintain incident response playbooks, orchestrations, and automation for rapid response and evidence collection. Integrate and script security tools to create an efficient, cohesive, and automated defense ecosystem. Continually optimize detection logic and playbooks based on ongoing threat intelligence and operational feedback.

Threat Hunting & Readiness: Lead hypothesis-driven threat hunting across endpoints, identity, network, and cloud infrastructure to uncover unknown threats. Conduct continuous detection QA and tuning to enhance signal fidelity, reduce false positives, and improve analyst efficiency. Stay current on evolving threats, leveraging new detection and hunting methodologies as needed.

Incident Response & Purple Teaming: Serve as a hands-on incident responder, focusing on rapid containment and translating lessons learned into improved detections and processes. Partner with Red Team and IR colleagues on purple team exercises to validate detection coverage and address identified gaps.

Metrics & Continuous Improvement: Develop, track, and report on detection metrics (coverage, fidelity, alert volumes, MTTA, MTTR) and use data-driven insights to inform backlog and roadmap priorities. Lead post-incident reviews and drive continuous improvement initiatives for the detection and response program.

Mentorship & Leadership: Mentor, coach, and manage SOC analysts and detection engineers, providing guidance on triage techniques, detection logic, threat hunting, and automation while supporting career growth and development. Lead team performance by setting clear expectations and goals, monitoring outcomes, delivering regular feedback, and conducting performance reviews and improvement plans as needed. Foster a culture of excellence, knowledge sharing, and continuous learning through training, enablement, and cross-functional collaboration.

Strategic & Client Partnership: Guide clients in building and maturing cyber defense and detection programs aligned with industry frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, PCI-DSS). Communicate complex technical and operational issues effectively with both technical teams and executive stakeholders.

EDUCATION AND EXPERIENCE

Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or relevant professional experience.

5+ years of hands-on experience, or equivalent demonstrated proficiency, building and maintaining automation using Python and REST APIs in production environments.

8+ years of hands-on experience, or equivalent depth of expertise, in SOC operations, with emphasis on incident response, detection engineering, and security automation.

Preferred Certifications

GSEC (GIAC Security Essentials)
GCIH (GIAC Certified Incident Handler)
GCIA (GIAC Certified Intrusion Analyst)
GSOC (GIAC Security Operations Certification)
GCED (GIAC Cybersecurity Expert Defense)
CISSP / CISM

TECHNICAL SKILLS REQUIREMENTS

Deep familiarity with MITRE ATT&CK, attacker TTPs, and the ability to translate behaviors into high-fidelity detections, preventive safeguards, and response controls across cloud, endpoint, identity, network, email, OT, and SaaS.

Skilled in hypothesis-driven hunting, rapid triage, and end-to-end investigations using telemetry from SIEM/EDR/NDR and cloud-native logs; strong grasp of forensics fundamentals (host, network, and identity).

Hands-on experience designing, implementing, and tuning security controls, including hardening baselines, logging/telemetry standards, segmentation, access controls, and compensating controls for regulated and hybrid environments.

Strong knowledge of security logging pipelines, nor