
Detection Engineer

Datavant2 · Remote
$124K–$155K/yr · Full-time · Remote · 2w ago
Incident Response · Network Security · Python · SIEM · SQL

Responsibilities

  • Design, develop, and maintain detection logic across endpoint, network, and cloud environments
  • Create and tune detections using tools such as CrowdStrike, Zscaler, SIEM platforms, and DLP solutions
  • Leverage Cyberhaven to build and enhance data exfiltration and insider risk detections
  • Analyze logs and telemetry to identify attack patterns, anomalies, and emerging threats
  • Continuously improve detection quality by reducing false positives and increasing signal fidelity
  • Partner with Incident Response and Security Operations to investigate alerts and refine detection strategies
  • Develop and document detection use cases, playbooks, and workflows
  • Stay current with adversary tactics, techniques, and procedures (TTPs) and translate them into actionable detections
  • Contribute to detection automation and engineering initiatives to improve scalability and efficiency

What You Need to Succeed

  • Strong experience with Data Loss Prevention (DLP) tools and workflows like Cyberhaven and Microsoft Purview
  • Experience with CrowdStrike and Zscaler (or comparable EDR and network security platforms)
  • Deep understanding of Windows event logs and other investigation-relevant artifacts
  • Experience working with SIEM platforms, log management systems, and endpoint security tools
  • Strong analytical and critical thinking skills with exceptional attention to detail
  • Ability to investigate complex security events and translate findings into detection improvements
  • Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts
  • Strong interpersonal skills and the ability to collaborate effectively across security, IT, and engineering teams
  • Self-driven with a continuous improvement mindset

What Helps You Stand Out

  • Experience building detections mapped to frameworks such as MITRE ATT&CK
  • Familiarity with scripting or query languages (e.g., Python, KQL, SPL, SQL)
  • Experience with insider threat or data exfiltration detection strategies
  • Background in threat hunting or incident response

At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services.

The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job.

The estimated total cash compensation range for this role is: $124,000 - $155,000 USD

This job is not eligible for employment sponsorship.

Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will re

Benefits

Health insurance

Additional Information

Datavant is the data collaboration platform trusted for healthcare. Guided by our mission to make the world's health data secure, accessible and actionable, we provide critical data solutions for organizations across the healthcare ecosystem - including providers, health plans, researchers, and life sciences companies. From fulfilling a single patient's request for their medical records to powering the AI revolution in healthcare, Datavanters are building the future of how data is connected and used to improve health. By joining Datavant today, you're stepping onto a driven and highly collaborative team that is passionate about creating transformative change in healthcare.

