Senior Threat Detection Engineer
📍 Kraków ⭐ Unknown 📄 other
15758 – 23558 PLN/month
🗂 Offer details
Location: Kraków
Work mode: —
Employment: —
Experience: Unknown
Min. years of experience: 5+
Contract type: Other
Category: it
📝 Main description / Introduction
Meet Our Team
As a member of the Cloud Security Operations Center (CSOC), you will play a critical role in the continuous monitoring, threat detection, and protection of Pega's global cloud infrastructure and applications. You will collaborate with a team of highly skilled security analysts, detection engineers, and incident responders who are committed to defending Pega Cloud against evolving cyber threats. This role offers the opportunity to work with cutting-edge security technologies, including a sophisticated cloud-native SIEM, advanced threat intelligence platforms, and cloud-native security tools across multi-cloud environments.
Picture Yourself At Pega
Pega Cloud is a comprehensive, enterprise-grade SaaS platform that powers mission-critical CRM and business process management (BPM) applications for global organizations. As a Senior Detection Engineer, you will architect and implement advanced detection strategies, build high-fidelity security analytics, and develop automated response capabilities to proactively identify and mitigate threats targeting Pega Cloud infrastructure and customer environments. Your work will directly impact the security posture of both Pega's internal operations and the applications that our clients depend on daily. This position offers significant responsibility, strategic influence, and visibility across the organization's security program.
What You'll Do At Pega
Detection Engineering
- Design, develop, and deploy high-fidelity YARA-L detection rules in Google Security Operations (SecOps/Chronicle) based on threat intelligence, adversary TTPs mapped to MITRE ATT&CK framework, and threat hypotheses derived from the Pega threat landscape and attack surface analysis
- Create advanced detection logic leveraging behavioral analytics, correlation rules, and multi-event sequences to identify sophisticated attack patterns across AWS, GCP, Kubernetes (EKS/GKE), and SaaS environments
- Build interactive dashboards and real-time monitoring visualizations to enhance situational awareness and provide actionable security insights for the CSOC and stakeholders
- Apply statistical modeling, data science methodologies, and machine learning techniques to identify anomalous behavior, detect outliers, and surface zero-day threat indicators across cloud telemetry and application logs
- Assist the Threat Detection Operations team in developing Detection-as-Code practices, maintaining version-controlled detection repositories and automated testing frameworks to ensure detection reliability and consistency
- Contribute to comprehensive investigation playbooks and runbooks for CSOC analysts to efficiently triage, investigate, and respond to high-confidence alerts, anomalous activity, and emerging threat scenarios
- Serve as a technical authority on Google SecOps/Chronicle platform capabilities, YARA-L detection engineering, UDM (Unified Data Model) schema design, and advanced query techniques
- Provide technical mentorship and training to CSOC analysts and detection engineers on YARA-L and UDM usage, Chronicle search methodologies, threat hunting techniques, and security data analysis
- Continuously review, validate, and refine existing detection rules and analytics based on feedback from the Digital Forensics and Incident Response (DFIR) team, false positive analysis, and threat landscape evolution
- Conduct regular detection effectiveness assessments, measure key performance indicators (KPIs) including detection coverage, mean time to detect (MTTD), and alert precision metrics
- Optimize detection logic to reduce alert fatigue while maintaining comprehensive threat coverage across the MITRE ATT&CK matrix, with emphasis on cloud-specific tactics and techniques
- Collaborate with Security Engineering, Cloud Engineering, and IT teams to enhance log collection, data normalization, and telemetry enrichment for improved detection capabilities
- Partner with the SIEM Engineering team and other stakeholders to ensure comprehensive logging coverage, identify visibility gaps, and recommend telemetry enhancements for critical assets and attack vectors
- Execute hypothesis-driven threat hunts across Pega Cloud environments to proactively identify indicators of compromise (IOCs), adversary tradecraft, and persistence mechanisms that may evade automated detection systems
- Conduct targeted threat hunting campaigns in response to emerging vulnerabilities, zero-day exploits, and threat intelligence reports affecting cloud infrastructure, containerized workloads, and SaaS applications
- Translate threat hunting findings into actionable detection rules, threat intelligence artifacts, and security architecture improvements to strengthen defensive capabilities
📡 Statistics metadata
Source: linkedin
Slug / ID: krakow-senior-threat-detection-engineer-pegasystems-0f8240
Published: 25 March 2026
Expires: —
Retrieved (ingest): 26 March 2026