Location: Hybrid, Malvern, PA
Role Description
Zoetis is seeking a Cyber Defense Engineer (Manager) who will lead hands-on detection engineering and SOC operations to rapidly identify, contain, and resolve security threats. This role focuses on complex investigations, building and maintaining high-quality detections, automating response playbooks, and leading proactive threat hunting. The ideal candidate is a practitioner who blends engineering rigor with operational excellence, comfortable scripting and integrating tools to create a cohesive, automated defense ecosystem. They will partner closely with cross-functional teams to improve signal fidelity, reduce false positives, shorten time to detect and respond, and continuously uplift our detection coverage aligned to MITRE ATT&CK.
POSITION RESPONSIBILITIES
- Build, maintain, and tune detections in our SIEM and EDR aligned to MITRE ATT&CK
- Design, develop, and maintain incident response playbooks, integrations, automations to orchestrate response efforts and evidence collection
- Lead hypothesis-driven threat hunting using telemetry from endpoints, identity, network, and cloud to uncover unknown threats.
- Own telemetry onboarding, data quality, and normalization, ensuring reliable parsing, enrichment, context mapping, and coverage across priority data sources
- Conduct detection QA and continuous tuning to reduce false positives, improve precision, and accelerate analyst decision-making
- Partner with Red Team and IR on purple-team exercises to validate detections, close gaps, and document improvements post-incident
- Participate in incident response as a hands-on responder focusing on rapid containment and translating lessons learned into new and improved detections and playbooks
- Create and track metrics for detection coverage, fidelity, alert volumes, MTTA, and MTTR, using these insights to guide backlog and roadmap priorities
- Collaborate with IT and platform owners to enable logging controls and data pipelines required for high-quality detections while minimizing operational friction
- Provide mentorship and day-to-day guidance to analysts on detection logic, triage techniques, hunting methodologies, and automation usage
- Stay current on evolving threats and platform capabilities, and proactively introduce new detections, hunting approaches, and automation techniques
EDUCATION AND EXPERIENCE
Education:
- Preferred - Bachelor's degree in computer science / information systems / business administration or relevant professional experience.
- 2+ years of direct hands-on experience in IT support automation using APIs and Python.
- 5+ years direct hands-on experience in a security operations role with an emphasis on incident response and automation.
TECHNICAL SKILLS REQUIREMENTS
- Experience in hypothesis-driven threat hunting, alert triage, and investigations using SIEM/EDR/NDR telemetry and cloud logs; understanding of core forensics concepts (host, network, identity).
- Some hands-on experience helping design, implement, and tune security controls (e.g., hardening baselines, logging/telemetry standards, segmentation, access controls, compensating controls) in regulated and hybrid environments.
- Working knowledge of security logging pipelines, normalization/enrichment, and data quality concepts to support detection, hunting, and response.
- Experience supporting automation and standardization efforts (SOAR, scripting, workflows); able to follow and help create playbooks/runbooks to reduce MTTR and operational toil.
- Exposure to analytics techniques that improve detection and response (e.g., reducing false positives, basic anomaly identification, prioritization) with focus on practical, usable outcomes.
- Experience with modern security platforms (SIEM, SOAR, EDR, network/email security); experience assisting with SIEM/SOAR content, integrations, or use-case development.
- Experience participating in incident response activities: following playbooks, documenting actions, escalating appropriately, and contributing to post-incident improvements.
- Working knowledge of administering and securing enterprise platforms (Windows Server and/or Linux/UNIX); familiarity with common enterprise architecture patterns and operational constraints.
- Ability to communicate security findings and risk clearly to technical and non-technical audiences; collaborative approach with stakeholders.
- Strong execution skills with the ability to manage multiple tasks, operate in a fast-paced environment, and contribute hands-on to troubleshooting and implementation with guidance.
- Contribute to building and maintaining SOPs, playbooks, and automation-first processes; help standardize repeatable workflows.
- Assist with defining and tracking SOC metrics/KPIs (e.g., detection coverage, alert quality, MTTD/MTTR, containment effectiveness) and help identify improvement opportunities.
- Support the delivery and maintenance of security tooling and detection/response capabilities (implement changes, tune detections, perform health checks) under senior guidance.
- Eager to learn from others and share knowledge with peers (without formal people-management expectations).
- Collaborate with risk/strategy and business partners to understand priorities and regulated requirements and help align day-to-day work to those needs.
PHYSICAL POSITION REQUIREMENTS
- Primarily office-based work involving sitting, computer use, and meetings.
- Ability to work flexible hours as needed to coordinate with global teams and support audit readiness activities.
- Occasional travel may be required for audits, regulatory meetings, or integration activities.
- No unusual physical demands or attendance requirements expected.
Travel Requirements: 5%-10%
Full time
Regular
Colleague
Any unsolicited resumes sent to Zoetis from a third party, such as an Agency recruiter, including unsolicited resumes sent to a Zoetis mailing address, fax machine or email address, directly to Zoetis employees, or to Zoetis resume database will be considered Zoetis property. Zoetis will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. Zoetis will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor but does not have the appropriate approvals to be engaged on a search.
Zoetis is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status or any other protected classification. Disabled individuals are given an equal opportunity to use our online application system. We offer reasonable accommodations as an alternative if requested by an individual with a disability. Please contact Zoetis Colleague Services at zoetiscolleagueservices@zoetis.com to request an accommodation. Zoetis also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must possess or obtain authorization to work in the US for Zoetis. Zoetis retains sole and exclusive discretion to pursue sponsorship for the acquisition or maintenance of nonimmigrant status and employment eligibility, considering factors such as availability of qualified US workers. Individuals requiring sponsorship must disclose this fact. Please note that Zoetis seeks information related to job applications from candidates for jobs in the U.S. solely via the following: (1) our company website at www.Zoetis.com/careers site, or (2) via email to/from addresses using only the Zoetis domain of "@zoetis.com". In addition, Zoetis does not use Google Hangout for any recruitment related activities. Any solicitation or request for information related to job applications with Zoetis via any other means and/or utilizing email addresses with any other domain should be disregarded. In addition, Zoetis will never ask candidates to make any type of personal financial investment related to gaining employment with Zoetis.