
Sr. Cybersecurity Incident Response (Detection Engineer)

Blue Yonder

Monterrey

Remote

MXN 1,471,000 - 1,840,000

Full-time

10 days ago

Job description

A leading cybersecurity firm is seeking a Sr. Cybersecurity Incident Response (Detection Engineer) to enhance their security operations. The role involves developing detection rules, optimizing log ingestion, and enhancing automation efforts. Candidates should have over 5 years of experience in cybersecurity and a strong background in SIEM, EDR, and CrowdStrike. This position is remote from Mexico (Monterrey or Mexico City areas).

Qualifications

  • 5+ years of experience in information security or cybersecurity.
  • Expertise in developing and maintaining detection rules.
  • Strong understanding of security frameworks and compliance requirements.

Responsibilities

  • Develop and maintain high-quality detection rules across platforms.
  • Optimize log ingestion pipelines for efficiency.
  • Implement automated response playbooks.

Skills

Detection rule development
Log ingestion optimization
Automation
Collaboration and communication

Education

Bachelor’s degree in Computer Science or related field

Tools

SIEM
EDR
NDR
CrowdStrike

Job description

Location: Remote from Mexico (Monterrey or Mexico City areas)

Role: Sr. Cybersecurity Incident Response (Detection Engineer)

Blue Yonder Job Profile: Sr. Security Engineer

Overview:

As a Sr. Cybersecurity Incident Response (Detection Engineer), you will play a critical role within our Global Security Operations Center (SOC), responsible for 24/7 monitoring, detection, investigation, and response to cybersecurity threats across the enterprise. This position is essential to protecting our SaaS platforms, maintaining customer trust, and ensuring the security of our global supply chain. Leveraging advanced detection technologies, AI-driven playbooks, and threat intelligence, you will help reduce attacker dwell time, accelerate containment, and maintain compliance with stringent regulatory frameworks such as SEC, FedRAMP, and J-SOX.

In this role, you will design, implement, and optimize advanced detection capabilities across security platforms, ensuring high-fidelity alerts and efficient log ingestion pipelines. You will build and tune detection logic, minimize noise, and contribute to automation initiatives that strengthen our detection and response ecosystem. The ideal candidate brings deep technical expertise, strong analytical skills, and a commitment to continuous improvement. Experience with CrowdStrike is a strong plus.

Scope/Key Responsibilities:
  • Detection Engineering
    • Develop and maintain high-quality detection rules across SIEM, EDR, and NDR platforms.
    • Continuously tune and refine detection logic to minimize false positives while ensuring coverage of critical threats.
  • Log Management & Ingestion
    • Review and optimize log ingestion pipelines for efficiency and completeness.
    • Ensure parsing, normalization, and enrichment meet detection and reporting needs.
  • Automation & SOAR
    • Implement automated response playbooks to reduce noise and streamline analyst workflows.
    • Integrate enrichment and threat intelligence sources to improve actionable alerting.
  • Infrastructure & Architecture
    • Document and suggest improvements for SIEM and SOAR environments with precision and scalability in mind.
    • Ensure proper logging standards, data flows, and integrations are maintained and continuously improved.
  • Metrics & Continuous Improvement
    • Define and track detection efficacy metrics (coverage, fidelity, alert-to-case ratio).
    • Lead post-incident detection reviews to close gaps and improve detection maturity.
    • Report to leadership on status, roadblocks and suggested methods to improve efficiency.
    • Ensure compliance with IPO-grade regulatory requirements (e.g., SEC, FedRAMP, J-SOX).
  • Collaboration & Knowledge Sharing
    • Work closely with SOC analysts, threat hunters, and incident responders to validate detections.
    • Create and maintain documentation, runbooks, and architectural diagrams with extreme attention to detail.
What We’re Looking For:
  • Bachelor’s degree in Computer Science, Information Security, or a related field. Professional work experience will be considered in lieu of degree.
  • 5+ years of experience in information security or cybersecurity.
  • Expertise in developing and maintaining detection rules and optimizing log ingestion pipelines.
  • Strong skills in automation and integration of threat intelligence to enhance actionable alerting.
  • Excellent skills in collaboration and communication for validation of detection strategies with SOC teams.
  • Experience with SIEM, EDR, and NDR platforms, with CrowdStrike expertise highly preferred.
  • Strong understanding of security frameworks and compliance requirements (e.g., SEC, FedRAMP, J-SOX).


Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
