Lennar Homes
Sr Security Engineer, Detection Engineering
Lennar Homes, Irving, Texas, United States, 75061
Sr Security Engineer, Detection Engineering
Before applying for this role, please read the following information about this opportunity found below. We are Lennar Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live in, and fostering a culture of opportunity and growth for our Associates throughout their career. Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States. Join a Company that Empowers you to Build your Future The Sr Security Engineer, Detection Engineeringleads detection engineering, automation, and monitoring and participates in incident response activities to protect the organization’s IT infrastructure. This role is responsible for designing, implementing, optimizing, and automating security operations processes, leveraging advanced technologies such as Microsoft Sentinel, Purview, Defender, and Palo Alto Cortex XDR. The Sr. Cybersecurity Engineer collaborates with SOC analysts, MDR partners, and cross-functional teams to ensure rapid detection and effective response to security threats. A career with purpose.
A career built on making dreams come true.
A career built on building zero defect homes, cost management, and adherence to schedules.
Your Responsibilities on the Team Systems Security: Detection Engineering: Design, develop, and continuously optimize detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR) to enhance threat detection and minimize false positives.
Integrate threat intelligence feeds and behavioral analytics to improve detection capabilities and proactively identify emerging threats.
Automation Engineering: Architect and implement automation workflows using SOAR platforms and native integrations to streamline incident response, alert triage, and remediation processes.
Develop playbooks and automated response actions to accelerate containment and recovery during security incidents.
Incident Response: Participate in the full incident response lifecycle, including detection, containment, eradication, recovery, and post-incident analysis for complex security events.
Conduct forensic investigations, root cause analysis, and collaborate with internal and external stakeholders to ensure effective resolution and documentation of incidents.
Maintain readiness for rapid response to critical security events, including participation in on-call rotations and after-hours escalations.
Security Operations: Monitor and analyze security events in real-time across diverse environments (cloud, on-premises, hybrid) using SIEM, XDR, and log management platforms.
Conduct investigations, and escalation of security incidents, collaborating with MDR partners and SOC analysts to ensure timely and effective response.
Tune and optimize SIEM rules, alerts, dashboards, and reporting mechanisms for improved visibility and operational efficiency.
Technology Stack Expertise: Demonstrate hands-on experience with Microsoft security technologies (Sentinel, Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Integrate and manage security controls across cloud and endpoint environments, ensuring alignment with organizational policies and regulatory requirements.
Metrics & Reporting: Develop and maintain SOC metrics, dashboards, and executive-level reporting on incident trends, detection effectiveness, automation outcomes, and overall SOC performance.
Provide actionable insights and recommendations to leadership based on analysis of SOC data and security operations outcomes.
Collaboration & Mentorship: Provide mentorship, guidance, and training to SOC analysts and junior team members, fostering a culture of continuous improvement and knowledge sharing.
Work closely with engineering, IT, business units, and MDR partners to align security operations with organizational goals and drive cross-functional initiatives.
Continuous Improvement: Contribute to the development and enhancement of SOC processes, playbooks, and best practices.
Stay current with industry trends, emerging threats, and new technologies to ensure the SOC remains effective and resilient.
Requirements Education:
Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field. Master’s degree preferred.
Experience: 5+ years of relevant work experience in security operations, with a focus on SOC environments, incident detection/response, and threat hunting.
5+ years of experience implementing and managing SIEM and XDR technologies in a mid to large-scale enterprise environment, including Microsoft Sentinel and Palo Alto Cortex XDR.
5+ years of experience with detection engineering, including developing and tuning detection rules, analytics, and use cases for SIEM and XDR platforms.
3+ years of experience with automation engineering, designing and implementing automated workflows for incident response and alert triage using SOAR platforms or native integrations.
Strong knowledge and experience with Microsoft Security Solutions, such as Microsoft Purview, Defender for Cloud, and Defender for Endpoint, and Palo Alto Cortex XDR.
Certifications:
Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), CompTIA Cybersecurity Analyst+ (CySA+), Microsoft Security Operations Center Analyst (SC-200), AWS Certified Security-Specialty, or similar advanced security certifications preferred.
Additional Skills, Knowledge, and Experience: Expert-level proficiency in detection engineering, including the creation, tuning, and optimization of detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR).
Advanced skills in automation engineering, with hands-on experience designing and implementing automated workflows for incident response, alert triage, and remediation using SOAR platforms and native integrations.
Deep understanding of incident response methodologies, forensic investigation, malware analysis, and root cause analysis for complex security events.
Strong knowledge of Microsoft security technologies, including Sentinel, Purview, Defender for Cloud, and Defender for Endpoint, as well as Palo Alto Cortex XDR for threat detection, investigation, and response.
Experience integrating and operationalizing threat intelligence feeds, behavioral analytics, and data sources to enhance detection and response capabilities.
Proficiency in cloud security, endpoint protection, network security principles, and current threat landscape, with the ability to secure hybrid and multi-cloud environments.
Familiarity with vulnerability management tools (e.g., Rapid7, Nessus, Qualys), and experience conducting network-based vulnerability assessments.
Skilled in developing and maintaining SOC metrics, dashboards, and executive-level reporting on incident trends, detection effectiveness, and automation outcomes.
Maintain and foster productive communication channels with security solution partners, vendors, service providers, and consulting entities.
Ability to facilitate productive meetings and work successfully in a team-oriented environment.
Additional Requirements: Continuous Learning:
Commitment to staying current with industry trends and pursuing relevant certifications and training.
Travel:
Occasional travel (less than 25%) may be required to support incident response or business requirements.
This role is ideal for a motivated security operations center engineer looking to use and build upon their existing technical skillsets. This role will deliver significant and essential security services necessary to protect the business operations of a large-scale enterprise. If you are passionate about cybersecurity and eager to grow in a fast-paced, collaborative environment, we encourage you to apply. Physical & Office/Site Presence Requirements: This is primarily a sedentary office position which requires the incumbent to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary. 10-20% of travel is required. This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice. Life at Lennar At Lennar, we are committed to fostering a supportive and enriching environment for our Associates, offering a comprehensive array of benefits designed to enhance their well-being and professional growth. Our Associates have access to robust health insurance plans, including Medical, Dental, and Vision coverage, ensuring their health needs are well taken care of. Our 401(k) Retirement Plan, complete with a $1 for $1 Company Match up to 5%, helps secure their financial future, while Paid Parental Leave and an Associate Assistance Plan provide essential support during life's critical moments. To further support our Associates, we provide an Education Assistance Program and up to $30,000 in Adoption Assistance, underscoring our commitment to their diverse needs and aspirations. From the moment of hire, they can enjoy up to three weeks of vacation annually, alongside generous Holiday, Sick Leave, and Personal Day policies. Additionally, we offer a New Hire Referral Bonus Program, significant Home Purchase Discounts, and unique opportunities such as the Everyone’s Included Day. At Lennar, we believe in investing in our Associates, empowering them to thrive both personally and professionally. Lennar Associates will have access to these benefits as outlined by Lennar’s policies and applicable plan terms. Visit Lennartotalrewards.com to view our suite of benefits. Join the fun and follow us on social media to see what's happening at our company, and don't forget to connect with us on Lennar: Overview | LinkedInhttps://www.linkedin.com/company/lennar/> for the latest job opportunities. Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.
Before applying for this role, please read the following information about this opportunity found below. We are Lennar Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live in, and fostering a culture of opportunity and growth for our Associates throughout their career. Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States. Join a Company that Empowers you to Build your Future The Sr Security Engineer, Detection Engineeringleads detection engineering, automation, and monitoring and participates in incident response activities to protect the organization’s IT infrastructure. This role is responsible for designing, implementing, optimizing, and automating security operations processes, leveraging advanced technologies such as Microsoft Sentinel, Purview, Defender, and Palo Alto Cortex XDR. The Sr. Cybersecurity Engineer collaborates with SOC analysts, MDR partners, and cross-functional teams to ensure rapid detection and effective response to security threats. A career with purpose.
A career built on making dreams come true.
A career built on building zero defect homes, cost management, and adherence to schedules.
Your Responsibilities on the Team Systems Security: Detection Engineering: Design, develop, and continuously optimize detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR) to enhance threat detection and minimize false positives.
Integrate threat intelligence feeds and behavioral analytics to improve detection capabilities and proactively identify emerging threats.
Automation Engineering: Architect and implement automation workflows using SOAR platforms and native integrations to streamline incident response, alert triage, and remediation processes.
Develop playbooks and automated response actions to accelerate containment and recovery during security incidents.
Incident Response: Participate in the full incident response lifecycle, including detection, containment, eradication, recovery, and post-incident analysis for complex security events.
Conduct forensic investigations, root cause analysis, and collaborate with internal and external stakeholders to ensure effective resolution and documentation of incidents.
Maintain readiness for rapid response to critical security events, including participation in on-call rotations and after-hours escalations.
Security Operations: Monitor and analyze security events in real-time across diverse environments (cloud, on-premises, hybrid) using SIEM, XDR, and log management platforms.
Conduct investigations, and escalation of security incidents, collaborating with MDR partners and SOC analysts to ensure timely and effective response.
Tune and optimize SIEM rules, alerts, dashboards, and reporting mechanisms for improved visibility and operational efficiency.
Technology Stack Expertise: Demonstrate hands-on experience with Microsoft security technologies (Sentinel, Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Integrate and manage security controls across cloud and endpoint environments, ensuring alignment with organizational policies and regulatory requirements.
Metrics & Reporting: Develop and maintain SOC metrics, dashboards, and executive-level reporting on incident trends, detection effectiveness, automation outcomes, and overall SOC performance.
Provide actionable insights and recommendations to leadership based on analysis of SOC data and security operations outcomes.
Collaboration & Mentorship: Provide mentorship, guidance, and training to SOC analysts and junior team members, fostering a culture of continuous improvement and knowledge sharing.
Work closely with engineering, IT, business units, and MDR partners to align security operations with organizational goals and drive cross-functional initiatives.
Continuous Improvement: Contribute to the development and enhancement of SOC processes, playbooks, and best practices.
Stay current with industry trends, emerging threats, and new technologies to ensure the SOC remains effective and resilient.
Requirements Education:
Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field. Master’s degree preferred.
Experience: 5+ years of relevant work experience in security operations, with a focus on SOC environments, incident detection/response, and threat hunting.
5+ years of experience implementing and managing SIEM and XDR technologies in a mid to large-scale enterprise environment, including Microsoft Sentinel and Palo Alto Cortex XDR.
5+ years of experience with detection engineering, including developing and tuning detection rules, analytics, and use cases for SIEM and XDR platforms.
3+ years of experience with automation engineering, designing and implementing automated workflows for incident response and alert triage using SOAR platforms or native integrations.
Strong knowledge and experience with Microsoft Security Solutions, such as Microsoft Purview, Defender for Cloud, and Defender for Endpoint, and Palo Alto Cortex XDR.
Certifications:
Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), CompTIA Cybersecurity Analyst+ (CySA+), Microsoft Security Operations Center Analyst (SC-200), AWS Certified Security-Specialty, or similar advanced security certifications preferred.
Additional Skills, Knowledge, and Experience: Expert-level proficiency in detection engineering, including the creation, tuning, and optimization of detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR).
Advanced skills in automation engineering, with hands-on experience designing and implementing automated workflows for incident response, alert triage, and remediation using SOAR platforms and native integrations.
Deep understanding of incident response methodologies, forensic investigation, malware analysis, and root cause analysis for complex security events.
Strong knowledge of Microsoft security technologies, including Sentinel, Purview, Defender for Cloud, and Defender for Endpoint, as well as Palo Alto Cortex XDR for threat detection, investigation, and response.
Experience integrating and operationalizing threat intelligence feeds, behavioral analytics, and data sources to enhance detection and response capabilities.
Proficiency in cloud security, endpoint protection, network security principles, and current threat landscape, with the ability to secure hybrid and multi-cloud environments.
Familiarity with vulnerability management tools (e.g., Rapid7, Nessus, Qualys), and experience conducting network-based vulnerability assessments.
Skilled in developing and maintaining SOC metrics, dashboards, and executive-level reporting on incident trends, detection effectiveness, and automation outcomes.
Maintain and foster productive communication channels with security solution partners, vendors, service providers, and consulting entities.
Ability to facilitate productive meetings and work successfully in a team-oriented environment.
Additional Requirements: Continuous Learning:
Commitment to staying current with industry trends and pursuing relevant certifications and training.
Travel:
Occasional travel (less than 25%) may be required to support incident response or business requirements.
This role is ideal for a motivated security operations center engineer looking to use and build upon their existing technical skillsets. This role will deliver significant and essential security services necessary to protect the business operations of a large-scale enterprise. If you are passionate about cybersecurity and eager to grow in a fast-paced, collaborative environment, we encourage you to apply. Physical & Office/Site Presence Requirements: This is primarily a sedentary office position which requires the incumbent to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary. 10-20% of travel is required. This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice. Life at Lennar At Lennar, we are committed to fostering a supportive and enriching environment for our Associates, offering a comprehensive array of benefits designed to enhance their well-being and professional growth. Our Associates have access to robust health insurance plans, including Medical, Dental, and Vision coverage, ensuring their health needs are well taken care of. Our 401(k) Retirement Plan, complete with a $1 for $1 Company Match up to 5%, helps secure their financial future, while Paid Parental Leave and an Associate Assistance Plan provide essential support during life's critical moments. To further support our Associates, we provide an Education Assistance Program and up to $30,000 in Adoption Assistance, underscoring our commitment to their diverse needs and aspirations. From the moment of hire, they can enjoy up to three weeks of vacation annually, alongside generous Holiday, Sick Leave, and Personal Day policies. Additionally, we offer a New Hire Referral Bonus Program, significant Home Purchase Discounts, and unique opportunities such as the Everyone’s Included Day. At Lennar, we believe in investing in our Associates, empowering them to thrive both personally and professionally. Lennar Associates will have access to these benefits as outlined by Lennar’s policies and applicable plan terms. Visit Lennartotalrewards.com to view our suite of benefits. Join the fun and follow us on social media to see what's happening at our company, and don't forget to connect with us on Lennar: Overview | LinkedInhttps://www.linkedin.com/company/lennar/> for the latest job opportunities. Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.