Senior Threat Detection Engineer

Job Category: Information Technology
Location: Poland - Krakow

Meet Our Team:

As a member of the Cloud Security Operations Center (CSOC), you will play a critical role in the continuous monitoring, threat detection, and protection of Pega's global cloud infrastructure and applications. You will collaborate with a team of highly skilled security analysts, detection engineers, and incident responders who are committed to defending Pega Cloud against evolving cyber threats. This role offers the opportunity to work with cutting-edge security technologies including a sophisticated cloud-native SIEM, advanced threat intelligence platforms, and cloud-native security tools across various multi-cloud environments.

 

Picture Yourself at Pega:

Pega Cloud is a comprehensive, enterprise-grade SaaS platform that powers mission-critical CRM and business process management (BPM) applications for global organizations. As a Senior Detection Engineer, you will architect and implement advanced detection strategies, build high-fidelity security analytics, and develop automated response capabilities to proactively identify and mitigate threats targeting Pega Cloud infrastructure and customer environments. Your work will directly impact the security posture of both Pega's internal operations and the applications that our clients depend on daily. This position offers significant responsibility, strategic influence, and visibility across the organization's security program.

 

What You'll Do at Pega:

Detection Engineering
•    Design, develop, and deploy high-fidelity YARA-L detection rules in Google Security Operations (SecOps/Chronicle) based on threat intelligence, adversary TTPs mapped to the MITRE ATT&CK framework, and threat hypotheses derived from the Pega threat landscape and attack surface analysis
•    Create advanced detection logic leveraging behavioral analytics, correlation rules, and multi-event sequences to identify sophisticated attack patterns across AWS, GCP, Kubernetes (EKS/GKE), and SaaS environments
•    Build interactive dashboards and real-time monitoring visualizations to enhance situational awareness and provide actionable security insights for the CSOC and stakeholders
•    Apply statistical modeling, data science methodologies, and machine learning techniques to identify anomalous behavior, detect outliers, and surface zero-day threat indicators across cloud telemetry and application logs
•    Assist the Threat Detection Operations team in developing Detection-as-Code practices, maintaining version-controlled detection repositories and automated testing frameworks to ensure detection reliability and consistency
•    Contribute to comprehensive investigation playbooks and runbooks for CSOC analysts to efficiently triage, investigate, and respond to high-confidence alerts, anomalous activity, and emerging threat scenarios
•    Serve as a technical authority on Google SecOps/Chronicle platform capabilities, YARA-L detection engineering, UDM (Unified Data Model) schema design, and advanced query techniques
•    Provide technical mentorship and training to CSOC analysts and detection engineers on YARA-L and UDM usage, Chronicle search methodologies, threat hunting techniques, and security data analysis
Detection Optimization & Tuning
•    Continuously review, validate, and refine existing detection rules and analytics based on feedback from the Digital Forensics and Incident Response (DFIR) team, false positive analysis, and threat landscape evolution
•    Conduct regular detection effectiveness assessments and measure key performance indicators (KPIs), including detection coverage, mean time to detect (MTTD), and alert precision metrics
•    Optimize detection logic to reduce alert fatigue while maintaining comprehensive threat coverage across the MITRE ATT&CK matrix, with emphasis on cloud-specific tactics and techniques
•    Collaborate with Security Engineering, Cloud Engineering, and IT teams to enhance log collection, data normalization, and telemetry enrichment for improved detection capabilities
•    Partner with the SIEM Engineering team and other stakeholders to ensure comprehensive logging coverage, identify visibility gaps, and recommend telemetry enhancements for critical assets and attack vectors
Proactive Threat Hunting
•    Execute hypothesis-driven threat hunts across Pega Cloud environments to proactively identify indicators of compromise (IOCs), adversary tradecraft, and persistence mechanisms that may evade automated detection systems
•    Conduct targeted threat hunting campaigns in response to emerging vulnerabilities, zero-day exploits, and threat intelligence reports affecting cloud infrastructure, containerized workloads, and SaaS applications
•    Translate threat hunting findings into actionable detection rules, threat intelligence artifacts, and security architecture improvements to strengthen defensive capabilities

 

Who You Are:

You have an insatiable curiosity with an inborn tenacity to research and determine how to detect adversarial activity.
•    Extensive experience building detections in AWS and GCP cloud environments
•    Extensive experience with performing investigations and threat hunts with Linux, Kubernetes, AWS EKS, and GCP GKE, and building detections for the same
•    Deep experience with the MITRE ATT&CK framework
•    Experience in development of technical documents for content creation, content/rule review processes
•    Solid foundational understanding of computer, OS, and network architecture concepts, particularly how various attacks exploit their weaknesses
•    Excellent verbal and written communication skills, including poise in high-pressure situations
•    Proven ability to work in a collaborative, cloud-first, client-focused team environment

 

What You've Accomplished:

Must Have:
•    5+ years of experience in SOC Operations as a Threat Detection Engineer
•    3+ years of experience in detection engineering within the Google SecOps/Chronicle SIEM, specifically with a focus in writing YARA-L rules and utilizing the UDM schema
•    2+ years of experience building detections for AWS and/or GCP
•    Bachelor’s Degree in Cybersecurity, Computer Science, Data Science, or related field
•    A history of analyzing and resolving a range of high-pressure security issues within an enterprise organization 
•    Have earned SANS, Offensive Security, or other top tier industry recognized technical security certifications focused on detection/response or penetration testing

The Ideal Candidate Will Have:
•    Automation experience leveraging tool APIs, IDEs, and SDKs
•    Working experience with various AI tools such as Gemini, Copilot, and Anthropic
•    Proven ability to code and write scripts using YARA, Python, Bash, JavaScript, and Java
•    Identified security gaps to secure applications or products from would-be attackers
•    Managed security solutions such as EDR/XDR and SIEM

 

Pega Offers You:

•    Gartner Analyst acclaimed technology leadership across our categories of products
•    Continuous learning and development opportunities 
•    An innovative, inclusive, agile, flexible, and fun work environment
•    Competitive global benefits program inclusive of pay + Bonus incentive and Employee Equity in the company


Additional Information

Base salary range for this role is 189,100 - 282,700 PLN annually. This role may also be eligible for annual bonus OR commission, as well as benefits and other incentives.

The final compensation will be determined during the offer process based on the candidate's education, experience, skills, and qualifications, as well as market conditions, and may vary from the posted range. We will share information on benefits, bonus/commission, and other pay components for this role at the relevant recruitment stage.

Job ID: 23438

AI in Action – Pega embraces the power of artificial intelligence. We encourage all employees to actively engage with AI technologies and continually explore ways to responsibly integrate AI into our products and processes. We may support parts of our recruitment process with automatic processing and, if required by law, you may in such cases have the right to request human intervention, challenge the outcome of such processing and comment on it.

Culture – At Pegasystems, we foster an environment where people feel valued and empowered to contribute their best. With global clients across industries and regions, we know our success depends on the unique perspectives, experiences, and talents of our people. Ours is a workplace where everyone can grow, collaborate, and deliver meaningful outcomes.

We encourage candidates from all backgrounds and experiences and focus on the core competencies and mindset needed to thrive in a role.

As an Equal Opportunity employer, Pegasystems will not discriminate in its employment practices due to an applicant's race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, veteran or disability status, or any other category protected by law.

Export Compliance – For positions requiring access to technical data subject to export control regulations such as this, Pegasystems may need to obtain export license approval from the U.S. Government and EU Authorities for certain individuals.

Accommodations – If you require reasonable accommodations under the Americans with Disabilities Act (US only) or comparable regional regulations in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please contact us here or contact (US only) 1-888-PEGA-NOW and/or 225 Wyman Street Waltham, MA 02451 ATTN: Benefits.
