Sr. Analyst, CSOC - Detection Engineering

New York, NY
In-Office
108K-138K Annually
Senior level
Digital Media • eCommerce • Software
The Role
The Sr. Analyst, CSOC will design and implement high-fidelity security detections, partner with various teams for threat intelligence, and automate detection processes while focusing on Detection-as-Code principles.
Summary Generated by Built In

Job Description:

Salary range: $108,000 - $138,000*

WHO WE ARE:

Saks Global is the largest multi-brand luxury retailer in the world, comprising Saks Fifth Avenue, Neiman Marcus, Bergdorf Goodman, Saks OFF 5TH, Last Call and Horchow. Its retail portfolio includes 70 full-line luxury locations, additional off-price locations and five distinct e-commerce experiences. With talented colleagues focused on delivering on our strategic vision, The Art of You, Saks Global is redefining luxury shopping by offering each customer a personalized experience that is unmistakably their own. By leveraging the most comprehensive luxury customer data platform in North America, cutting-edge technology, and strong partnerships with the world's most esteemed brands, Saks Global is shaping the future of luxury retail.

Saks Global Properties & Investments includes Saks Fifth Avenue and Neiman Marcus flagship properties and represents nearly 13 million square feet of prime U.S. real estate holdings and investments in luxury markets. 

YOU WILL BE: 

Designing, building, and continuously improving high-fidelity security detections across our cloud and enterprise environments as an experienced and highly motivated Sr. CSOC Analyst with a focus on Detection Engineering. This role sits at the intersection of Security Operations, Threat Intelligence, and Engineering, with a strong emphasis on Detection-as-Code, automation, and adversary-focused detection engineering.

You will partner closely with SOC analysts, Incident Response, Threat Intelligence, and Cloud Security teams to translate attacker behaviours into scalable, testable, and maintainable detections. You should be comfortable working up to 4 days a week in our NYC or Dallas office.

WHAT YOU WILL DO:

Detection Engineering & Security Operations

  • Design, develop, and maintain high-quality detections aligned to real-world adversary behaviours and MITRE ATT&CK techniques.

  • Engineer detections across SIEM, EDR, cloud-native security tools, and log pipelines.

  • Reduce false positives through tuning, enrichment, and behavioural correlation.

  • Support incident response by improving alert fidelity and investigative context.

  • Work with cloud-native logs (CloudTrail, Azure Activity Logs, etc.).   

Detection as Code (Mandatory)
  • Build and manage detections using Detection-as-Code principles (version control, CI/CD, testing, peer review).

  • Develop detections in formats such as YAML, Sigma, KQL, SPL, JSON, or custom rule frameworks.

  • Implement automated testing and validation of detections using replayed attack data and simulations.

  • Maintain detection repositories with clear documentation, ownership, and lifecycle management. 

Threat Intelligence & Adversary Emulation
  • Translate threat intelligence, IOCs, TTPs, and attack reports into actionable detections.

  • Develop behaviour-based detections for advanced threat actors, not just indicator-based alerts.

  • Partner with Red Team / Purple Team to validate detections against real attack paths.

  • Continuously improve coverage in response to emerging threats and incident learnings.  

Automation & Engineering

  • Write production-quality code to automate detection deployment, enrichment, and response.

  • Build tooling for detection testing, telemetry validation, and metrics.

  • Integrate detections with automation and response workflows.

  • Experience or a deep understanding of building and integrating AI workflows. 

WHAT YOU WILL BRING: 

  • Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or a related field.

  • Proven Experience: Demonstrated experience in designing and implementing security detections. Minimum 5 years of experience in Security Operations (SOC) roles.

  • Deep understanding and hands-on experience with major cloud platforms (AWS, Azure), specifically focusing on Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) security controls, APIs, and logging/querying (e.g., CloudWatch Logs/Metrics, Azure Monitor, Azure Activity Log, Splunk, Sigma for Azure/AWS).

  • Strong proficiency in at least one scripting/programming language (Python highly preferred). Ability to write, test, and debug code for detection logic and automation.

  • Demonstrable experience with detection-as-code principles and specific frameworks (e.g., Sigma, YARA, custom scripts). Experience managing detection lifecycles using version control systems (Git).

  • Proven hands-on experience configuring, managing, and querying SIEM platforms.

  • Experience incorporating threat intelligence (e.g., threat feeds, IoCs, YARA rules, OpenIOC) into detection logic and automated responses.

  • Solid grasp of network security, cloud security fundamentals, incident response lifecycles, and common attack vectors (e.g., malware, phishing, APTs).

  • Excellent analytical abilities to dissect complex problems, identify patterns, and develop effective detection strategies.

YOUR LIFE AND CAREER AT SAKS GLOBAL:

  • Opportunity to work in a dynamic, fast-paced environment at a company experiencing growth and transformation

  • Exposure to rewarding career advancement opportunities across the largest multi-brand luxury retailer, from retail to distribution to digital or corporate

  • Comprehensive benefits package for all eligible full-time employees (including medical, vision and dental)

  • An amazing employee discount

 

Benefits: We offer the following benefits for this position, subject to applicable eligibility requirements: medical insurance, dental insurance, vision insurance, 401(k) retirement plan, basic life insurance, supplemental life insurance, disability insurance, and a variety of additional voluntary benefits (such as critical illness, hospital and accident insurance). 

Thank you for your interest in Saks. We look forward to reviewing your application.

Saks provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Saks complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Saks welcomes all applicants for this position. Should you be individually selected to participate in an assessment or selection process, accommodations are available upon request in relation to the materials or processes to be used.

Saks.com is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.



*The above expected salary range may have some variability based upon factors including, but not limited to, a candidate’s overall experience, qualifications, and geographic location. If you are interested in the role, we encourage you to apply and, if selected to move forward in the interview process, you will have a chance to speak with our recruitment team regarding your specific salary expectations.

Top Skills

AWS
Azure
JSON
KQL
Python
SIEM
Sigma
SPL
YAML
YARA

The Company
HQ: New York, New York
770 Employees
Year Founded: 2021

What We Do

Saks is the premier digital platform for luxury fashion in North America. Driven by a mission to help customers express themselves through relevant and inspiring style, we serve as a destination to explore and discover the latest in luxury from established and emerging designers. Our expertly curated assortment features sought-after names in women’s, men’s and kids’ fashion, as well as beauty, home and lifestyle merchandise. Through Saks.com and the mobile app, we provide access to professional stylists, inspiring editorial content and interactive events. Our differentiated approach seamlessly combines elevated online experiences with in-person services through an exclusive partnership with the Saks Fifth Avenue stores.

Visit Saks.com for more information.
