• Own end‑to‑end development of multi‑signal detections (endpoint, identity, network, cloud/SaaS) using Splunk (SPL), Microsoft Sentinel/Defender & Azure (KQL), FortiNDR Cloud (IQL), and Databricks (SQL) • Translate threat intel (IOCs/TTPs, ATT&CK mapping) into battle‑tested analytics; convert vetted Sigma rules to SPL/KQL where applicable • Implement version control, change notes, suppression logic, and CI/CD pipelines for detections; champion detection replay/backtesting to improve precision/recall and reduce noise • Establish and maintain reusable detection content libraries, curated views/tables, and documentation/runbooks that accelerate operations • Lead data onboarding and schema alignment; articulate coverage plans and quality gates for priority threats and control gaps • Work directly with SOC/CSMT and CSIRT to tune, triage, and validate detections; convert hunts into detections and run purple‑team validations • Provide technical mentorship for DE I/II; conduct peer reviews of detection logic; contribute to sprint planning aligned to quarterly OKRs • Influence roadmap, standards, and governance for the DE program in partnership with the Principal/Lead Detection Engineer