The Senior Detection Engineer will architect scalable detection systems, develop automation for security response, and collaborate cross-functionally to enhance security measures.
As our next Senior Detection Engineer, you won’t just be monitoring dashboards—you’ll be at the forefront of building our security operations as code. You will lead the charge in architecting scalable detection systems and developing the automation that defines how we protect our infrastructure. This is a technical, hands-on role combining security engineering, automation development, and strategic incident response where your technical decisions directly shape how we detect, investigate, and respond to threats at scale. You won’t just be managing alerts; you’ll be shaping the very trajectory of our security posture in a lean, engineering-first environment.
On a typical day, you might:
- Design and deploy sophisticated detection logic across our entire technology stack using detection-as-code principles like YARA-L, Sigma, and KQL.
- Build automated response workflows that independently enrich, triage, and remediate security alerts, effectively eliminating manual toil through advanced SOAR principles.
- Investigate complex security signals—such as novel attack patterns or phishing campaigns—that require deep human judgment and strategic intuition.
- Collaborate cross-functionally with DevOps and Security Engineering teams to adapt detection logic to infrastructure changes before security blind spots can emerge.
- Leverage AI and LLMs as force multipliers to accelerate threat hunting, generate new detection hypotheses, and automate repetitive investigative tasks.
- Lead post-incident reviews with engineering partners, transforming security findings into preventative architectural changes that harden our long-term defense.
- Prototype and test emerging detection capabilities and data sources, ensuring we stay ahead of the threat landscape while participating in an on-call rotation to defend our most critical systems.
What is needed:
- 5+ years of hands-on experience in detection engineering, incident response, or security operations within high-growth technology environments.
- Advanced programming proficiency in Python, with a proven ability to build production-quality security automations and custom integrations from scratch.
- Deep expertise in Cloud Security (AWS), including a comprehensive understanding of IAM, VPC, CloudTrail, and Lambda attack vectors.
- Mastery of detection logic in at least two major languages, such as YARA-L, Sigma, KQL, or SPL.
- A track record of building SOAR workflows or equivalent automation platforms that measurably reduce operational overhead at scale.
- Exceptional communication skills, with the ability to distill complex security risks into actionable insights and influence technical decisions across the organization.
- Experience using AI/LLMs as a strategic tool for threat analysis, investigation automation, and increasing the velocity of security work.
- A self-directed, engineering-first mindset, ideally with a background in SRE, DevOps, or platform engineering and a history of contributing to open-source security projects.
About ActiveCampaign:
ActiveCampaign is the autonomous marketing platform for people at the heart of the action. It empowers teams to automate their campaigns with AI agents that imagine, activate, and validate–freeing them from step-by-step workflows and unlocking limitless ways to orchestrate their marketing.
With AI, goal-based automation, and 1,000+ app integrations, agencies, marketers, and owners can build cross-channel campaigns in minutes–fine-tuned with billions of data points to drive real results for their unique business.
ActiveCampaign is the trusted choice to help businesses unlock a new world of boundless opportunities–where ideas become impact and potential turns into real results.
As a global multicultural company, we are proud of our inclusive culture which embraces diverse voices, backgrounds, and perspectives. We don’t just celebrate our differences, we believe our diversity is what empowers our innovation and success. You can find out more about our DEI initiatives here.
Perks and benefits:
At ActiveCampaign, we prioritize employees’ well-being and professional growth by cultivating a culture centered on collaboration and innovation. When you join our team, you’ll not only have the opportunity to make a significant impact, but also enjoy a range of benefits tailored to support your personal and career development.
Here are some of the benefits we offer:
-Comprehensive Health & Wellness: Top-tier benefits package that includes a fully-covered High Deductible Health Plan (HDHP), complimentary access to telehealth services, and a free subscription to Calm.
-Growth & Development: Access to LinkedIn Learning, professional development programs, and career growth opportunities in a fast-growing organization.
-Generous Paid Time Off: Recharge and take the time you need to maintain work-life balance with open PTO.
-Total Rewards: Generous 401(k) matching with immediate vesting, quarterly perks with commuter and lunch benefits for hub based employees or a stipend for remote workers, and a four-week paid sabbatical with bonus after five years.
-Collaborative Culture: Work alongside brilliant, passionate colleagues in an environment that values innovation, teamwork, and mutual support.
ActiveCampaign is an equal opportunity employer. We recruit, hire, pay, grow and promote no matter of gender, race, color, sexual orientation, religion, age, protected veteran status, physical and mental abilities, or any other identities protected by law.
Our Employee Resource Groups (ERGs) strive to foster a diverse inclusive environment by supporting each other, building a strong sense of belonging, and creating opportunities for mentorship and professional growth for their members.
Top Skills
AWS
Kql
Python
Sigma
Soar
Yara-L
ActiveCampaign Chicago, Illinois, USA Office
Located in the heart of the Loop overlooking State Street, with views of the lake and Millennium Park with easy access to the Metra & CTA stations.
Similar Jobs
Cloud • Information Technology • Security • Software • Cybersecurity
The Senior Detection Engineer will analyze telemetry, publish threats, create and tune detectors, improve workflows, and provide mentorship.
Top Skills:
CircleCIEdrElasticGitKLuceneSigmaSnortSplunkSQLYara
Cloud • Information Technology • Security • Software • Cybersecurity
The Senior Detection Engineer will analyze EDR telemetry, create and tune detection rules, automate workflows, and mentor peers to enhance threat detection and response.
Top Skills:
CircleCICloud/SaasEdrElasticGitIdentityKLuceneSIEMSigmaSnortSplunkSQLYara
Artificial Intelligence • Fintech • Machine Learning • Natural Language Processing • Business Intelligence
Responsible for enhancing detection engineering, response automation, and threat hunting capabilities. Collaborate on detection rules, automated incident responses, and lead threat hunting initiatives.
Top Skills:
AWSEdrGCPJupyter NotebooksOsqueryPythonSIEMSigmaSoarVelociraptorYara-L
What you need to know about the Chicago Tech Scene
With vibrant neighborhoods, great food and more affordable housing than either coast, Chicago might be the most liveable major tech hub. It is the birthplace of modern commodities and futures trading, a national hub for logistics and commerce, and home to the American Medical Association and the American Bar Association. This diverse blend of industry influences has helped Chicago emerge as a major player in verticals like fintech, biotechnology, legal tech, e-commerce and logistics technology. It’s also a major hiring center for tech companies on both coasts.
Key Facts About Chicago Tech
- Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
- Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
- Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
- Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory
