Lennar
Sr Security Engineer, Detection Engineering
Join Lennar as a Senior Security Engineer, Detection Engineering, leading detection engineering, automation, and monitoring while participating in incident response activities to safeguard the organization’s IT infrastructure.
This role is responsible for designing, implementing, optimizing, and automating security operations processes using Microsoft Sentinel, Purview, Defender, and Palo Alto Cortex XDR. The Engineer collaborates with SOC analysts, MDR partners, and cross‑functional teams to ensure rapid detection and effective response to security threats.
Key Responsibilities
Detection Engineering:
Design, develop, and continuously optimize detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR).
Integrate threat intelligence feeds and behavioral analytics to improve detection capabilities and proactively identify emerging threats.
Automation Engineering:
Architect and implement automation workflows using SOAR platforms and native integrations to streamline incident response, alert triage, and remediation processes.
Develop playbooks and automated response actions to accelerate containment and recovery during security incidents.
Incident Response:
Participate in the full incident response lifecycle, including detection, containment, eradication, recovery, and post‑incident analysis for complex security events.
Conduct forensic investigations, root‑cause analysis, and collaborate with internal and external stakeholders to ensure effective resolution and documentation of incidents.
Maintain readiness for rapid response to critical security events, including participation in on‑call rotations and after‑hours escalations.
Security Operations:
Monitor and analyze security events in real time across diverse environments (cloud, on‑premises, hybrid) using SIEM, XDR, and log‑management platforms.
Conduct investigations and escalation of security incidents, collaborating with MDR partners and SOC analysts.
Tune and optimize SIEM rules, alerts, dashboards, and reporting mechanisms for improved visibility and operational efficiency.
Technology Stack Expertise:
Hands‑on experience with Microsoft security technologies (Sentinel, Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Integrate and manage security controls across cloud and endpoint environments, ensuring alignment with organizational policies and regulatory requirements.
Metrics & Reporting:
Develop and maintain SOC metrics, dashboards, and executive‑level reporting on incident trends, detection effectiveness, automation outcomes, and overall SOC performance.
Provide actionable insights and recommendations to leadership based on analysis of SOC data and security operations outcomes.
Collaboration & Mentorship:
Provide mentorship, guidance, and training to SOC analysts and junior team members, fostering a culture of continuous improvement and knowledge sharing.
Work closely with engineering, IT, business units, and MDR partners to align security operations with organizational goals and drive cross‑functional initiatives.
Continuous Improvement:
Contribute to the development and enhancement of SOC processes, playbooks, and best practices.
Stay current with industry trends, emerging threats, and new technologies to ensure the SOC remains effective and resilient.
Requirements
Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related field. Master’s degree preferred.
Experience:
5+ years in security operations with focus on SOC environments, incident detection/response, and threat hunting.
5+ years implementing and managing SIEM and XDR technologies in a mid‑to‑large enterprise, including Microsoft Sentinel and Palo Alto Cortex XDR.
5+ years in detection engineering for SIEM and XDR platforms.
3+ years in automation engineering using SOAR platforms or native integrations.
Strong knowledge of Microsoft Security Solutions (Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Certifications: CISSP, CEH, GCIH, CySA+, SC‑200, AWS Security Specialty, or similar advanced security certifications preferred.
Additional Skills, Knowledge, and Experience
Expert‑level proficiency in detection engineering, learning and tuning of detection rules, analytics, and use cases for SIEM and XDR platforms.
Advanced automation engineering skills, designing automated workflows for incident response and alert triage.
Deep understanding of incident response methodologies, forensic investigation, malware analysis, and root‑cause analysis.
Strong knowledge of Microsoft security technologies and Palo Alto Cortex XDR.
Experience integrating threat intelligence feeds and behavioral analytics.
Proficiency in cloud, endpoint, and network security for hybrid and multi‑cloud environments.
Familiarity with vulnerability management tools (Rapid7, Nessus, Qualys) and network‑based vulnerability assessments.
Skilled in developing SOC metrics, dashboards, and executive reporting.
Excellent communication with security solution partners, vendors, and consulting entities.
Team orientation and facilitation of productive meetings.
Additional Requirements
Continuous learning: Commitment to staying current with industry trends and pursuing relevant certifications and training.
Travel: Occasional travel (less than 25%) may be required to support incident response or business requirements.
Physical & Office/Site Presence Requirements This is primarily a sedentary office position requiring the incumbent to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary. 10‑20% travel is required.
Life at Lennar At Lennar we support a supportive and enriching environment, offering health insurance (Medical, Dental, Vision), 401(k) with $1 for $1 match up to 5%, Paid Parental Leave, Associate Assistance Plan, Education Assistance, up to $30,000 adoption assistance, vacation, holiday, sick leave, personal days, referral bonus, home purchase discounts, and more. Learn more at Lennartotalrewards.com.
EEO Statement Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.
Job Details
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
#J-18808-Ljbffr
This role is responsible for designing, implementing, optimizing, and automating security operations processes using Microsoft Sentinel, Purview, Defender, and Palo Alto Cortex XDR. The Engineer collaborates with SOC analysts, MDR partners, and cross‑functional teams to ensure rapid detection and effective response to security threats.
Key Responsibilities
Detection Engineering:
Design, develop, and continuously optimize detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR).
Integrate threat intelligence feeds and behavioral analytics to improve detection capabilities and proactively identify emerging threats.
Automation Engineering:
Architect and implement automation workflows using SOAR platforms and native integrations to streamline incident response, alert triage, and remediation processes.
Develop playbooks and automated response actions to accelerate containment and recovery during security incidents.
Incident Response:
Participate in the full incident response lifecycle, including detection, containment, eradication, recovery, and post‑incident analysis for complex security events.
Conduct forensic investigations, root‑cause analysis, and collaborate with internal and external stakeholders to ensure effective resolution and documentation of incidents.
Maintain readiness for rapid response to critical security events, including participation in on‑call rotations and after‑hours escalations.
Security Operations:
Monitor and analyze security events in real time across diverse environments (cloud, on‑premises, hybrid) using SIEM, XDR, and log‑management platforms.
Conduct investigations and escalation of security incidents, collaborating with MDR partners and SOC analysts.
Tune and optimize SIEM rules, alerts, dashboards, and reporting mechanisms for improved visibility and operational efficiency.
Technology Stack Expertise:
Hands‑on experience with Microsoft security technologies (Sentinel, Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Integrate and manage security controls across cloud and endpoint environments, ensuring alignment with organizational policies and regulatory requirements.
Metrics & Reporting:
Develop and maintain SOC metrics, dashboards, and executive‑level reporting on incident trends, detection effectiveness, automation outcomes, and overall SOC performance.
Provide actionable insights and recommendations to leadership based on analysis of SOC data and security operations outcomes.
Collaboration & Mentorship:
Provide mentorship, guidance, and training to SOC analysts and junior team members, fostering a culture of continuous improvement and knowledge sharing.
Work closely with engineering, IT, business units, and MDR partners to align security operations with organizational goals and drive cross‑functional initiatives.
Continuous Improvement:
Contribute to the development and enhancement of SOC processes, playbooks, and best practices.
Stay current with industry trends, emerging threats, and new technologies to ensure the SOC remains effective and resilient.
Requirements
Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related field. Master’s degree preferred.
Experience:
5+ years in security operations with focus on SOC environments, incident detection/response, and threat hunting.
5+ years implementing and managing SIEM and XDR technologies in a mid‑to‑large enterprise, including Microsoft Sentinel and Palo Alto Cortex XDR.
5+ years in detection engineering for SIEM and XDR platforms.
3+ years in automation engineering using SOAR platforms or native integrations.
Strong knowledge of Microsoft Security Solutions (Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Certifications: CISSP, CEH, GCIH, CySA+, SC‑200, AWS Security Specialty, or similar advanced security certifications preferred.
Additional Skills, Knowledge, and Experience
Expert‑level proficiency in detection engineering, learning and tuning of detection rules, analytics, and use cases for SIEM and XDR platforms.
Advanced automation engineering skills, designing automated workflows for incident response and alert triage.
Deep understanding of incident response methodologies, forensic investigation, malware analysis, and root‑cause analysis.
Strong knowledge of Microsoft security technologies and Palo Alto Cortex XDR.
Experience integrating threat intelligence feeds and behavioral analytics.
Proficiency in cloud, endpoint, and network security for hybrid and multi‑cloud environments.
Familiarity with vulnerability management tools (Rapid7, Nessus, Qualys) and network‑based vulnerability assessments.
Skilled in developing SOC metrics, dashboards, and executive reporting.
Excellent communication with security solution partners, vendors, and consulting entities.
Team orientation and facilitation of productive meetings.
Additional Requirements
Continuous learning: Commitment to staying current with industry trends and pursuing relevant certifications and training.
Travel: Occasional travel (less than 25%) may be required to support incident response or business requirements.
Physical & Office/Site Presence Requirements This is primarily a sedentary office position requiring the incumbent to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary. 10‑20% travel is required.
Life at Lennar At Lennar we support a supportive and enriching environment, offering health insurance (Medical, Dental, Vision), 401(k) with $1 for $1 match up to 5%, Paid Parental Leave, Associate Assistance Plan, Education Assistance, up to $30,000 adoption assistance, vacation, holiday, sick leave, personal days, referral bonus, home purchase discounts, and more. Learn more at Lennartotalrewards.com.
EEO Statement Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.
Job Details
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
#J-18808-Ljbffr