Lennar
Sr Security Engineer, Detection Engineering
Lennar is one of the nation's leading homebuilders, dedicated to building quality homes and providing exceptional customer service, giving back to the community, and fostering a culture of opportunity and growth. Lennar is recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States.
The Sr Security Engineer, Detection Engineering leads detection engineering, automation, and monitoring and participates in incident response activities to protect the organization’s IT infrastructure. This role is responsible for designing, implementing, optimizing, and automating security operations processes, leveraging technologies such as Microsoft Sentinel, Purview, Defender, and Palo Alto Cortex XDR. The engineer collaborates with SOC analysts, MDR partners, and cross‑functional teams to ensure rapid detection and effective response to security threats.
Your Responsibilities On The Team
Detection Engineering:
Design, develop, and continuously optimize detection rules, analytics, and use cases for SIEM and XDR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XDR) to enhance threat detection and minimize false positives.
Integrate threat intelligence feeds and behavioral analytics to improve detection capabilities and proactively identify emerging threats.
Automation Engineering:
Architect and implement automation workflows using SOAR platforms and native integrations to streamline incident response, alert triage, and remediation processes.
Develop playbooks and automated response actions to accelerate containment and recovery during security incidents.
Incident Response:
Participate in the full incident response lifecycle, including detection, containment, eradication, recovery, and post‑incident analysis for complex security events.
Conduct forensic investigations, root cause analysis, and collaborate with internal and external stakeholders to ensure effective resolution and documentation of incidents.
Maintain readiness for rapid response to critical security events, including on‑call rotations and after‑hours escalations.
Security Operations:
Monitor and analyze security events in real time across diverse environments (cloud, on‑premises, hybrid) using SIEM, XDR, and log management platforms.
Conduct investigations and escalation of security incidents, collaborating with MDR partners and SOC analysts to ensure timely and effective response.
Tune and optimize SIEM rules, alerts, dashboards, and reporting mechanisms for improved visibility and operational efficiency.
Technology Stack Expertise:
Demonstrate hands‑on experience with Microsoft security technologies (Sentinel, Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Integrate and manage security controls across cloud and endpoint environments, ensuring alignment with organizational policies and regulatory requirements.
Metrics & Reporting:
Develop and maintain SOC metrics, dashboards, and executive‑level reporting on incident trends, detection effectiveness, automation outcomes, and overall SOC performance.
Provide actionable insights and recommendations to leadership based on SOC data and security operations outcomes.
Collaboration & Mentorship:
Provide mentorship, guidance, and training to SOC analysts and junior team members.
Work closely with engineering, IT, business units, and MDR partners to align security operations with organizational goals and drive cross‑functional initiatives.
Continuous Improvement:
Contribute to the development and enhancement of SOC processes, playbooks, and best practices.
Stay current with industry trends, emerging threats, and new technologies to ensure the SOC remains effective and resilient.
Requirements
Education: Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or a related field. Master’s degree preferred.
Experience:
5+ years in security operations, focused on SOC environments, incident detection/response, and threat hunting.
5+ years implementing and managing SIEM and XDR technologies in a mid‑to‑large‑scale enterprise environment.
5+ years with detection engineering—developing and tuning detection rules, analytics, and use cases for SIEM and XDR platforms.
3+ years with automation engineering—designing and implementing automated workflows for incident response and alert triage using SOAR platforms or native integrations.
Strong knowledge of Microsoft Security Solutions (Purview, Defender for Cloud, Defender for Endpoint) and Palo Alto Cortex XDR.
Certifications: CISSP, CEH, GCIH, CySA+, SC‑200, AWS Security Specialty, or similar advanced security certifications (preferred).
Additional Skills, Knowledge, and Experience
Expert‑level proficiency in detection engineering and automation engineering for SIEM and XDR platforms.
Deep understanding of incident response methodologies, forensic investigation, malware analysis, and root cause analysis.
Strong knowledge of Microsoft security technologies and Palo Alto Cortex XDR.
Experience integrating threat intelligence feeds, behavioral analytics, and data sources to enhance detection and response.
Proficiency in cloud security, endpoint protection, network security principles, and protecting hybrid and multi‑cloud environments.
Familiarity with vulnerability management tools (Rapid7, Nessus, Qualys) and experience conducting network‑based vulnerability assessments.
Experienced in developing and maintaining SOC metrics, dashboards, and executive‑level reporting.
Ability to maintain productive communication with security solution partners, vendors, service providers, and consulting entities.
Skilled in facilitating productive meetings and working successfully in a team‑oriented environment.
Additional Requirements
Continuous Learning: Commitment to staying current with industry trends and pursuing relevant certifications and training.
Travel: Occasional travel (less than 25%) may be required for incident response or business needs.
Physical & Office/Site Presence Requirements
This is a primarily sedentary office position that requires the incumbent to be able to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move, and carry up to 25 lbs. Finger dexterity is necessary. 10‑20% of travel may be required.
Life at Lennar
Lennar offers a comprehensive array of benefits: robust health insurance (Medical, Dental, Vision), a 401(k) Retirement Plan with a $1 for $1 company match up to 5%, Paid Parental Leave, an Associate Assistance Plan, an Education Assistance Program, and up to $30,000 in Adoption Assistance. Employees enjoy up to three weeks of vacation annually, along with generous Holiday, Sick Leave, and Personal Day policies. Additional perks include a New Hire Referral Bonus Program, significant Home Purchase Discounts, and unique opportunities such as Everyone’s Included Day.
Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.