Detection Engineer (Email Security) - Remote Position

About the Role

Fidelity National Financial (FNF) is seeking a Detection Engineer (Email Security) remote to join our Information Security Office (ISO). The primary purpose of this position is to maintain and improve security detections within FNF, specifically focusing on email security. This role can sit 100% remote, allowing you to work from anywhere while contributing to our cybersecurity efforts.

What You'll Do

• Research adversary tradecraft and translate threat intelligence into detection logic.
• Tune and optimize existing detections to reduce alert fatigue while maintaining detection fidelity.
• Perform regular detection coverage and gap analysis assessments.
• Document detection logic, response guidance, and follow-on analysis to support SOC and incident responders.
• Represent detection engineering to cross-functional security teams in meetings, discussing priorities, capabilities, and progress.
• Collaborate with teams including threat intelligence, incident response, and security operations for detection authoring and improvements.
• Contribute to detection program standards and processes.
• Other tasks and responsibilities as assigned.

Requirements

• Bachelor's degree or equivalent combination of education and work experience.
• 5+ years of experience in cybersecurity/information security.
• Strong experience with Python, including logging, testing, object-oriented concepts, and designing ergonomic tools.
• Security monitoring experience with one or more SIEM technologies and query languages (SQL, XQL, SPL, KQL, etc.).
• Detection engineering experience including threat modeling, detection tuning, and metrics-driven detections.
• Experience in one or more security domains - defensive analyst, malware reversing, offensive security, open-source intelligence, threat intelligence.
• Detail-oriented with strong organizational skills.
• Exceptional written and oral communication skills.

Nice to Have

• Experience in detection validation, with a desire to prove coverage.
• Familiarity with email analysis and security.
• Experience with detection-as-code, ideally in a CI/CD pipeline.
• Hands-on experience with popular Breach-as-a-service tools for validation, coverage analysis, and threat modeling.
• Familiarity with Git-based workflows including branching, pull requests, and peer review.

What We Offer

• Competitive salary ranging from $120,000 to $160,000 annually based on location and job-related factors.
• Comprehensive health and welfare insurance (medical/dental/vision/life/disability).
• Paid holidays, vacation, and sick time off.
• Matching 401(k) plan and matching employee stock purchase plan.
• Flexible remote work arrangements.