Meet Our Team:

Pega is The Enterprise Transformation Company that helps organizations Build for Change with enterprise AI decisioning and workflow automation. We offer a commercial SaaS version of our industry-leading platform to our global clients. Pega was recently recognized as one of the “Top 10 Tech Winners For The AI Revolution” by industry analysts and just hit a huge milestone of joining the S&P MidCap 400. On the frontlines of this success is the Pega Cloud Security Operations Center (CSOC). Our team of information security professionals is charged to protect Pega’s commercial cloud assets and offerings. We accomplish this by creatively working to deter, detect, deny, delay, and defend against internal and external security threats. The CSOC provides monitoring, detection, and incident response services for Pega Cloud.

Picture Yourself at Pega:

As a Principal Detection Engineer, you will be responsible for designing and delivering high‑quality, high‑confidence security detections that safeguard Pega Cloud. You will work closely with threat hunters, DFIR analysts, cloud engineers, and platform teams to stay ahead of adversaries — not just responding to threats but anticipating them. Your focus will be on building, tuning, refining, and optimizing detection content, and contributing directly to our threat hunting program. You will help convert threat hunt findings, incident learnings, and intelligence insights into actionable detections, dashboards, and playbooks. This is a hands‑on technical role for someone who loves deep threat understanding, automation, and data-driven detection engineering.

What You'll Do at Pega:

•  Detection Engineering

  • Build reliable detections for AWS, GCP, Kubernetes, Linux, and SaaS platforms.
  • Turn threat insights into actionable detection logic.
  • Create detection content and dashboards on attacker behavior, anomalies, and cloud threats.
  • Transform hunt outputs into scalable detections, SOPs, and automation.
  • Use SIEM tools (Chronicle/SecOps preferred; Splunk helpful) for log ingestion, correlation, and alerts.

   

  Tuning & Content Optimization

  • Continuously tune, refine, and improve existing alerts based on feedback from DFIR and Security Engineering.
  • Enhance visibility and detection coverage across cloud platforms by identifying telemetry gaps.
  • Validate detections against real-world attacker TTPs and red-team behaviors based on MITRE ATT&CK Framework.

   

  Threat Hunting & Collaboration

  • Engage in both structured, hypothesis-driven and exploratory threat hunting activities on a regular basis.
  • Assess and address gaps, identify recurring patterns, and evaluate opportunities to develop new detection methods and automate processes.
  • Collaborate with Cloud and Security Engineering teams to ensure comprehensive logging is implemented to support detection and investigation efforts.
  • Provide mentorship to analysts on developing detection logic, applying threat methodologies, and utilizing advanced query techniques.

   

  SME Responsibilities

  • Act as a subject matter expert specializing in detection engineering and cloud attacker activity.
  • Offer advice on SIEM query languages, including effective methods to create robust and scalable detection content.
  • Assist with documentation related to detection logic, content lifecycle management, and standard operating procedures (SOPs).

   

Tuning & Content Optimization

Who You Are:

Analytical cybersecurity professional skilled in cloud threats, attacker behavior analysis, data exploration, and scalable detection strategy design.

• Analytical and persistent cybersecurity professional with expertise in cloud threats, attacker tactics, and scalable detection strategies.
• Experienced in AWS/GCP detection building
• Knowledgeable in MITRE ATT&CK, NIST, D3FEND, CIS
• Skilled with Kubernetes/EKS/GKE, Linux, cloud security tools
• Strong OS internals, networking, log analysis, and detection logic
• Effective communicator under pressure
• Able to collaborate across SOC, engineering, and architecture teams

What You've Accomplished:

• 9+ years in cybersecurity with a strong focus on SOC operations, detection engineering, or threat hunting
• Built scalable, cloud‑native detections across AWS, GCP, Kubernetes, Linux, and hybrid environments
• Hands‑on expertise with Google Chronicle / SecOps, including UDM schema, rule authoring, detection tuning, and pipeline optimization
• Experience using YARA‑L / YARA-L detection language to craft advanced behavioral and IOC‑driven detections
• Participated in complex investigations, threat hunts, and incident response for cloud-native threats
• Identified and closed visibility gaps by improving telemetry coverage and log ingestion across cloud systems
• Strong proficiency with EDR/XDR platforms, cloud security tools, and behavioral detection technologies
• Built or contributed to automation using APIs, SOAR workflows, custom scripts (Python/Go), or cloud-native automation
• Familiarity with MITRE ATT&CK, threat modeling, and adversary behavior mapping to detection logic

• Experience validating detections against red‑team, purple‑team, or adversary simulation activities

• Proficient in Git for managing and maintaining the detection pipeline.  

• Good to have (not mandatory):
  • SANS (e.g., SEC487, SEC540, SEC511, SEC599)
  • Offensive Security or equivalent hands-on certifications
  • Cloud security certifications (AWS, GCP, Kubernetes)

Pega Offers You:

• Gartner Analyst acclaimed technology leadership across our categories of products
• Continuous learning and development opportunities
• An innovative, inclusive, agile, flexible, and fun work environment
• Competitive global benefits program inclusive of pay + bonus incentive, employee equity in the company                                           

• #LI-SK1