Magnit Global is a leading, global professional services and technology company and a certified “Great Place to Work”. We have been a leader in contingent workforce management since 1991 and work with leading Fortune 500 companies and other large organizations across numerous verticals including consumer electronics, research and development, pharmaceuticals, health services, and many more!
We're glad to continue a relationship with you and happy to assist in the next steps of your career once more!
This contract opportunity is with CNA Insurance.
About the Role
Design, build, test, and maintain high-fidelity detections. Implement Detection-as-Code practices: version control, peer review, CI/CD pipelines, and automated validation for detection content and configuration. Develop and tune detection logic aligned to MITRE ATT&CK techniques and real-world adversary behavior (TTP-focused).
What You Will Do
Collaborate in Purple Teaming Exercises
- Plan and execute purple team exercises and threat emulation using ATT&CK-driven test plans (e.g., Atomic Red Team/CALDERA/SafeBreach-style approaches).
- Measure detection coverage and response effectiveness; translate exercise findings into backlog items and measurable improvements.
Engineering Enablement & Operational Excellence
- Partner with SOC analysts, incident responders, and platform teams to improve signal-to-noise, alert workflows, and escalation quality.
- Contribute to logging strategy: define requirements, onboard new data sources, create parsing/normalization standards, and enrich events (lookups/context).
- Operate in an Agile/SAFe delivery model: manage backlog, user stories, sprint commitments, demos, and continuous improvement.
Governance, Metrics & Stakeholder Communication
- Define and track detection metrics (coverage, efficacy, false positive rate, mean time to detect, alert precision/recall proxies).
- Communicate risk and outcomes in business-relevant terms (especially helpful in regulated/insurance environments).
- Document detections, hunts, procedures, runbooks, and learning artifacts for repeatability and operational scaling.
Detection Engineering / Security Analytics
- Strong experience building detections in a SIEM (preferably Splunk ES): SPL, knowledge objects, data models, field extraction, lookups, and enrichment.
- Expertise in detection engineering methodologies (signal design, validation, tuning, alert routing, and lifecycle management).
- Practical knowledge of MITRE ATT&CK, adversary TTPs, and mapping detections to ATT&CK techniques.
Threat Hunting / Incident Analysis
- Proven ability to perform threat hunts and investigations across endpoint, identity, network, and cloud telemetry.
- Familiarity with analytic frameworks such as Cyber Kill Chain, Diamond Model, and decision loops (e.g., OODA) to structure investigations.
- Ability to apply structured analytic techniques to form defensible conclusions and reduce cognitive bias.
EDR & Endpoint Telemetry
- Experience using CrowdStrike Falcon (or comparable EDR) for detection, investigation, and response workflows.
- Knowledge of endpoint artifacts and attacker tradecraft (persistence, privilege escalation, credential access, lateral movement).
Engineering & Automation
- Proficiency in Python for automation, enrichment, log parsing, analytics, and/or detection testing harnesses.
- Strong working knowledge of Git (branching, pull requests, reviews) and comfort using developer tooling (e.g., CLI editors like Vim).
- Experience with CI/CD concepts applied to security content (pipelines, automated checks, release management).
Cloud / Containers / IaC
- Hands-on familiarity with Google Cloud security logging and incident response concepts.
- Working knowledge of containers (Docker) and Kubernetes fundamentals relevant to monitoring and incident response.
- Experience with infrastructure-as-code tools such as Terraform and configuration tooling such as Ansible (at least to interpret changes and support secure deployments).
Collaboration / Delivery
- Experience operating in Agile environments and collaborating with cross-functional engineering teams.
- Strong communication skills: can translate technical findings into actionable recommendations for both technical and non-technical stakeholders.
What You Will Need
Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline OR equivalent combination of education and relevant hands-on experience in detection engineering, SOC operations, threat hunting, or security engineering.
Preferred (Certifications / Training)
- Splunk certifications (Core User/Power User/Admin; Splunk ES-focused training)
- MITRE ATT&CK training (Fundamentals / Detection Engineering / SOC Assessments / Purple Teaming)
- Cloud certs: Google Cloud Digital Leader or Associate Cloud Engineer (security-leaning experience is a plus)
- Security professional certs (examples): GCIH/GCIA/CISSP, Security+, or comparable
- Agile/SAFe training or certification (helpful for delivery alignment)
This is the pay range that Magnit reasonably expects to pay for this position: $76.78/hour - $102.38/hour
Benefits: Medical, Dental, Vision, 401K