Brooklyn, OH, 44144, USA
9 hours ago
Senior Detection & Automation Engineer
**Location:** 4910 Tiedeman Road - Brooklyn, Ohio 44144

**Senior Detection & Automation Engineer**

**Position Summary**

Our Cyber Detection & Automation team rolls up into Key’s broader Cyber Defense function within Corporate Information Security. Cyber Defense’s mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat centric defense.

As a senior member of the Cyber Detection & Automation (CDA) team within Key’s Cyber Defense function, you will lead the development of detection logic and automation capabilities that enable our mission to Deter, Detect, Deny, and Disrupt adversaries. This role is pivotal in advancing our threat-centric defense posture by engineering high-fidelity detections, orchestrating response workflows, and mentoring junior engineers.

You will work across SIEM, SOAR, and DAM platforms to build scalable, resilient detection and response capabilities. You’ll also collaborate with Cyber Threat Intelligence, Threat Response, and Engineering teams to ensure our detection strategy aligns with evolving adversary tactics and business risk.

**Key Responsibilities**

Detection Engineering

+ Design and implement detection-as-code rules, alerts, dashboards, and reports across SIEM and log aggregation platforms.
+ Translate threat intelligence and adversary TTPs into actionable detection logic using frameworks like MITRE ATT&CK.
+ Continuously tune detection content to reduce false positives and improve signal fidelity.

Security Automation

+ Develop and maintain SOAR playbooks to automate triage, enrichment, and response actions.
+ Identify manual processes suitable for automation and lead their transformation into orchestrated workflows.

Threat Analysis & Content Development

+ Perform event correlation and log analysis to validate detection efficacy and identify gaps.
+ Conduct trend analysis to identify emerging threats and detection opportunities.
+ Document detection use cases and maintain lifecycle documentation using team standards.

Collaboration & Mentorship

+ Partner with Cyber Threat Response and Threat Intelligence teams to align detection priorities.
+ Escalate confirmed or suspected malicious activity with contextual analysis.
+ Mentor junior engineers and contribute to team knowledge sharing and training.

**Required Qualifications**

Technical Expertise

+ Deep understanding of cyber defense principles, adversary TTPs, and detection engineering.
+ Proficiency in scripting languages (PowerShell, Python, JavaScript, Bash), SIEM query languages, and industry formats (Sigma, YARA-L, etc.)
+ Experience with SOAR platforms and automation development.
+ Familiarity with cloud security (Azure, AWS, GCP) and integrating cloud telemetry into detection pipelines.

Operational & Analytical Skills

+ Strong problem-solving skills and ability to interpret complex log data.
+ Experience in documenting and managing detection content lifecycle.
+ Ability to communicate technical concepts to both technical and non-technical audiences.

Qualifications

+ Bachelor’s degree in Cybersecurity, Computer Science, or related field—or equivalent experience.
+ 5+ years in security operations, detection engineering, or threat hunting roles.
+ Familiarity with the MITRE ATT&CK and D3FEND framework and adversary TTPs.

**Preferred Certifications**

+ Certified Information Systems Security Professional (CISSP)
+ Certified Information Security Manager (CISM)
+ Certified Information Systems Auditor (CISA)
+ CompTIA Security+
+ GIAC Certified Detection Analyst (GCDA)
+ GIAC Cloud Threat Detection (GCTD)
+ GIAC Certified Incident Handler (GCIH)
+ GIAC Certified Intrusion Analyst (GCIA)

Job Posting Expiration Date: 10/05/2025

KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

KeyBank is an organization collectively committed to helping you unlock your potential and discover what truly drives you. Working here means sharing our purpose to help our clients, colleagues, and communities thrive. You’ll find genuinely supportive teammates, a flexible, inclusive work environment, challenging projects, accessible leaders, and opportunities to grow in your position and your career. For 200 years, Key has opened doors in our communities. Let us open one for you.