Position Overview

The Lead Cybersecurity Defense Engineer serves as the organization’s senior-most technical authority within the defensive security domain. This role is responsible for setting technical direction, architecting advanced defensive capabilities, and driving continuous improvement across detection engineering, incident response, and security operations engineering at an enterprise scale.

The ideal candidate is a deeply experienced defensive security practitioner with extensive hands-on expertise in detection engineering, threat modeling, incident response, and security automation. This role leads the design of resilient, scalable, and threat-informed defensive controls aligned to real-world adversary behavior and organizational risk. The Defense Engineer IV partners closely with SOC leadership, security engineering, identity, cloud, infrastructure, and application teams to influence design decisions, close systemic gaps, and ensure defensive capabilities evolve alongside the threat landscape.

This role operates with a high degree of autonomy and is expected to mentor senior engineers, set engineering standards, guide response strategy during complex incidents, and represent defensive security expertise in architecture reviews, risk discussions, and executive-facing initiatives. While not a people manager, the Lead Cybersecurity Defense Engineer functions as a principal technical leader, shaping how the organization prevents, detects, and responds to advanced threats.

A Day in the Life

Detection Strategy & Defensive Architecture Leadership

• Define and drive the enterprise detection engineering strategy aligned to real-world adversary behavior.
• Architect advanced detection capabilities across platforms to ensure comprehensive, scalable coverage.
• Establish standards for detection quality, fidelity, testing, and lifecycle management.
• Ensure consistent and meaningful mapping of detections to the MITRE ATT&CK framework across the organization.
• Translate threat intelligence, emerging attack techniques, and incident learnings into systemic defensive improvements.
• Lead development of advanced response playbooks and decision frameworks for complex attack scenarios.

Advanced Incident Response Leadership & MSSP Oversight

• Act as the senior technical authority during high-impact or complex security incidents.
• Guide response strategy, investigation approach, and containment decisions during major incidents.
• Provide technical oversight of MSSP performance, detection coverage, and response effectiveness.
• Influence SOC operating models, escalation criteria, and response workflows through technical leadership.
• Represent defensive security expertise in cross-functional incident reviews and risk discussions.

Automation, Technical Mentorship & Program Maturity

• Design and oversee advanced SOAR architectures and automation strategies at scale.
• Define and report on program-level metrics such as MTTD, MTTR, and detection coverage maturity.
• Mentor senior engineers and SOC leaders through technical coaching and design reviews.
• Influence defensive tooling selection, architecture decisions, and long-term capability investments.
• Ensure documentation, standards, and engineering practices support long-term scalability and resilience.

Scope & Impact

• This position has enterprise-wide impact on the organization’s cyber defense posture by setting technical direction and shaping the design of advanced detection and response capabilities.
• The role requires deep, authoritative expertise in detection engineering, incident response, threat modeling, and security operations engineering, with the ability to make high-consequence technical decisions in complex and ambiguous environments.
• The Defense Engineer IV is accountable for the effectiveness, scalability, and maturity of detection and response capabilities across the enterprise, directly influencing MTTD, MTTR, and overall defensive coverage.
• This role serves as the senior-most technical escalation point during high-impact or complex security incidents, guiding response strategy and shaping executive-level outcomes.
• The position has significant influence over SOC and MSSP operating models, performance expectations, and value delivery through technical leadership and oversight.
• Decisions made in this role affect enterprise-wide security visibility, architectural resilience, and the organization’s ability to detect and respond to emerging and advanced threats.
• The role drives long-term continuous improvement by translating threat intelligence, incident trends, and systemic gaps into architectural and program-level defensive enhancements.
• This position elevates organizational capability by mentoring senior engineers, setting engineering standards, and shaping defensive security culture without direct people management responsibility.
• The role directly supports enterprise risk management by ensuring defensive capabilities evolve in alignment with business growth, technology changes, and the threat landscape.

You'll Come With

• Bachelor's or Master’s degree in Computer Science or related field.

• 10+ years of experience IT
• 7+ technical cybersecurity experience (3+ years incident response and/or detection engineering and 3+ years in cybersecurity engineering)
• Expert level knowledge of detection engineering and incident response
• At least 1 expert level cybersecurity certification such as CISSP, CASP, CCSP, etc.

#LI-KG2

Come join our team. You’re going to like it here!  

Compensation Range: $115,000.00 - $150,000.00