{"id":909,"date":"2025-12-24T09:04:10","date_gmt":"2025-12-24T09:04:10","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=909"},"modified":"2025-12-24T09:04:14","modified_gmt":"2025-12-24T09:04:14","slug":"sr-information-security-detection-engineer-pennymac","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/sr-information-security-detection-engineer-pennymac\/","title":{"rendered":"Sr. Information Security Detection Engineer \u2013 Pennymac"},"content":{"rendered":"\n<p>This is a <strong>Senior-level, Remote<\/strong> role at Pennymac (NYSE: PFSI), a leading financial services firm specializing in U.S. mortgage loans. This position is a high-impact engineering role within the Information Security department, focusing on building the &#8220;intelligence&#8221; of the Security Operations Center (SOC). You are responsible for designing the detection logic that finds advanced threats across a complex hybrid-cloud environment, while also acting as a technical leader during major security incidents.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Requisition ID:<\/strong> 36607<\/li>\n\n\n\n<li><strong>Salary Range:<\/strong> $90,000 \u2013 $150,000<\/li>\n\n\n\n<li><strong>Location:<\/strong> 100% Remote (United States)<\/li>\n\n\n\n<li><strong>Core Technology:<\/strong> AWS, Azure, GCP, Snowflake, Git, CI\/CD, and Python.<\/li>\n\n\n\n<li><strong>Framework Focus:<\/strong> MITRE ATT&amp;CK.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Responsibilities: Detection Lifecycle &amp; Incident Response<\/h2>\n\n\n\n<p>This role is divided between proactive &#8220;defense engineering&#8221; and reactive &#8220;high-tier response.&#8221;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Detection Engineering Lifecycle<\/h3>\n\n\n\n<p>You will lead the end-to-end detection engineering process. 
This involves using <strong>Git<\/strong> and <strong>CI\/CD pipelines<\/strong> to develop, test, and deploy high-quality detection rules (signatures and queries). You will map these detections to the <strong>MITRE ATT&amp;CK Framework<\/strong> to ensure comprehensive coverage of adversary techniques like lateral movement and credential access. To stay ahead of novel threats, you will leverage <strong>AI\/ML capabilities<\/strong> to identify anomalies that traditional rules might miss.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Incident Response &amp; Triage (Tier-2)<\/h3>\n\n\n\n<p>You serve as the primary escalation point for the L1 SOC. When complex alerts are triggered, you perform deep-dive forensics across Windows, Linux, and Cloud environments to identify the root cause. During major security events, you lead the incident handling process\u2014from containment to retrospective\u2014ensuring that lessons learned are turned back into new detection rules.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security Data Optimization<\/h3>\n\n\n\n<p>You will partner with Security Engineering to optimize data ingestion into your SIEM or <strong>Data Lake (Snowflake)<\/strong>. This ensures that the logs you are querying are of high quality and that search performance remains fast enough for real-time detection. 
You will also develop <strong>Standard Operating Procedures (SOPs)<\/strong> and automated playbooks to streamline response actions for the entire IR team.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Required Qualifications and Skills<\/h2>\n\n\n\n<p>Pennymac is looking for a &#8220;Detection-as-Code&#8221; practitioner who understands the nuances of the mortgage industry\u2019s regulatory landscape.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Experience:<\/strong> Extensive background in <strong>Security Operations (SOC)<\/strong> or <strong>Security Engineering<\/strong>.<\/li>\n\n\n\n<li><strong>Technical Breadth:<\/strong> Expert knowledge of <strong>Windows, Linux, macOS<\/strong>, and the big three cloud providers (<strong>AWS, Azure, GCP<\/strong>).<\/li>\n\n\n\n<li><strong>Scripting\/Automation:<\/strong> 2+ years of experience in <strong>Python<\/strong> or other languages to automate response actions and tasking.<\/li>\n\n\n\n<li><strong>Security Frameworks:<\/strong> Mastery of the <strong>MITRE ATT&amp;CK<\/strong> framework and a deep understanding of modern hacking techniques (exploitation, persistence, etc.).<\/li>\n\n\n\n<li><strong>Data Platforms:<\/strong> Experience with <strong>Snowflake<\/strong> or similar Data Lake technologies for large-scale security analytics.<\/li>\n\n\n\n<li><strong>Soft Skills:<\/strong> Strong leadership and mentorship abilities to guide junior incident responders.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary of Role Impact<\/h2>\n\n\n\n<p>As a specialty financial firm, Pennymac manages a massive volume of sensitive consumer data. In this role, your detection rules are the &#8220;first line of defense&#8221; that protects millions of American homeowners. By shifting detection to a version-controlled, automated model, you reduce the time it takes to identify an intruder from days to minutes. 
Your ability to bridge the gap between <strong>Threat Intelligence<\/strong> and <strong>SOC Operations<\/strong> ensures that Pennymac&#8217;s security posture is constantly evolving to meet the latest cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a Senior-level, Remote role at Pennymac (NYSE: PFSI), a leading financial services firm specializing in U.S. mortgage loans. This position is a high-impact engineering role within the Information Security department, focusing on building the &#8220;intelligence&#8221; of the Security Operations Center (SOC). You are responsible for designing the detection logic that finds advanced threats [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43],"jobpost_job_type":[39],"jobpost_location":[],"jobpost_tag":[188,126,614,1261,1938,3946,24,81,1250,226,4127],"class_list":["post-909","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_job_type-remote","jobpost_tag-aws","jobpost_tag-azure","jobpost_tag-gcp","jobpost_tag-incident-response","jobpost_tag-mitre-attck","jobpost_tag-pennymac","jobpost_tag-python","jobpost_tag-remote","jobpost_tag-siem","jobpost_tag-snowflake","jobpost_tag-sr-detection-engineer"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/909","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=909"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=909"},{"taxonomy":"jobpost_job_type","
embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=909"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=909"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}