Job Description

Overview:

TekWissen is a global workforce management provider headquartered in Ann Arbor, Michigan that offers strategic talent solutions to our clients world-wide. Our client provider of digital technology and transformation, information technology and services

Position: Threat Detection Engineer

Location: Bellevue, WA

Duration: 6 Months

Job Type: Contract

Work Type: Onsite

Job Description:

• We are seeking a seasoned Anvilogic Expert to lead advanced AI-based threat hunting and root cause analysis (RCA) initiatives across our security operations.
• The ideal candidate will have deep hands-on experience with Anvilogic's hunting workbench, detection engineering, and threat chain correlation, and will play a key role in improving incident detection, investigation, and response.
• This role is critical for elevating our SOC maturity through automated detection engineering, proactive threat hunts, and actionable RCA that minimizes security risk and response time.

Key Responsibilities:

AI-Based Threat Hunting:

• Leverage Anvilogic's threat hunt workbench and AI-driven tools to proactively detect hidden threats across SIEM, EDR, cloud, and endpoint data.
• Develop and execute MITRE ATT&CK-aligned hypotheses, using multi-source telemetry and behavioral analytics.
• Automate detection generation and tune logic to increase signal fidelity and reduce false positives.

Root Cause Analysis (RCA):

• Conduct in-depth RCA of complex incidents by correlating alert timelines, threat chains, and telemetry signals within Anvilogic.
• Present RCA findings clearly to technical and non-technical stakeholders.
• Contribute to the development of detection improvement loops based on RCA feedback.

Detection Engineering & Content Development:

• Create and maintain custom detection logic, hunt queries, and response playbooks using Anvilogic's AI-assisted tools.
• Collaborate with internal security teams to develop threat narratives and detection packs aligned with business risk.
• Contribute to Anvilogic content lifecycle: testing, publishing, and tuning of detection logic.

Security Operations Support:

• Monitor and triage Anvilogic alerts and correlate with real-time telemetry for deeper analysis.
• Provide continuous feedback to improve threat detection coverage, response accuracy, and hunting workflows.
• Mentor junior analysts on Anvilogic tooling and RCA methodology.

Required Skills & Qualifications:

• 3+ years of experience in security operations, threat hunting, or detection engineering.
• 1 2 years of hands-on experience with Anvilogic or similar advanced detection platforms.
• Strong knowledge of MITRE ATT&CK, threat modeling, and adversary behavior analysis.
• Familiarity with SIEM tools (e.g., Splunk, Sentinel, Chronicle) and cloud telemetry (e.g., AWS, Azure).
• Experience with structured query languages (SPL, KQL, etc.) and security log analysis.
• Ability to correlate multi-source data to identify attack patterns and causality.
• Excellent written and verbal communication for presenting RCA findings and hunt outcomes.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or equivalent field.

Nice to Have:

• Anvilogic or MITRE ATT&CK certifications (e.g., Threat Hunter, Detection Engineer).
• Experience with AI/ML-enhanced security tools or data science methods in threat detection.
• Familiarity with security automation tools (SOAR), Python scripting, or YAML.
• Exposure to threat intelligence feeds and integrating TI with hunt workflows.

TekWissen Group is an equal opportunity employer supporting workforce diversity.

Job Tags

Similar Jobs