Datavant
Sr. Security Detection Engineer
Job Summary
The role involves managing and maintaining threat detection infrastructure, particularly SIEM platforms like Splunk ES, within regulated environments. The candidate will support security detection, response, and compliance activities, including audit support and integration of security tools across cloud and on-premises platforms. Strong technical knowledge of AWS services, security frameworks, and security operational tools is required. The position emphasizes automation, platform management, and collaboration with cross-functional teams to enhance security posture.
Required Skills
Benefits
Job Description
Datavant is a data platform company and the world’s leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.
Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world’s leading life sciences companies, government agencies, and those who deliver and pay for care.
By joining Datavant today, you’re stepping onto a high-performing, values-driven team. Together, we’re rising to the challenge of tackling some of healthcare’s most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.
What We’re Looking For
We are seeking a highly skilled and experienced Senior Security Detection Engineer to join our Security Operations team. This role is critical to the implementation and maintenance of our threat detection infrastructure, automation of security controls, and adherence to compliance frameworks such as FedRAMP, SOC 2, and HIPAA.
The ideal candidate will have deep technical knowledge in AWS infrastructure and security services, strong hands-on experience with Splunk Enterprise Security, and a solid grasp of modern security best practices. If you're passionate about building secure systems and enabling high-quality detections at scale, we'd love to hear from you.
What You Will Do
Detection & Response Infrastructure
- Manage and maintain SIEM platforms (Splunk ES) across government and commercial environments.
- Perform SIEM capacity planning, configuration tuning, and tenant administration.
- Design and deploy security detections using custom Splunk SPL and alerting frameworks.
- Administer EDR platforms (e.g., CrowdStrike Falcon), including tenant management and policy tuning.
- Automate logging pipeline and detection logic deployments.
Compliance & Audit Support
- Support internal and external audit requests (FedRAMP, SOC 2, HIPAA, HITRUST, etc.).
- Ensure appropriate audit logging is implemented across critical infrastructure and product applications.
- Assist with ASVF (Automated Security Validation Framework) requests.
Security Platform Integrations & Operations
- Install, configure, and maintain Splunk Apps and Add-Ons including:
- Splunk Add-On for AWS
- Splunk Add-On for Windows
- Google Workspace for Splunk
- Splunk Add-On for Azure/Microsoft Services
- Build and maintain dashboards, reports, and analytics in Splunk.
- Manage clustered Splunk environments with multiple search heads and indexers.
- Onboard new data sources and integrate telemetry across platforms.
Special Projects
- Participate in M&A integrations related to SIEM, EDR, DLP, IDP/IPS, MSSP SOC, and other security tools.
- Lead initiatives around web filtering, email firewall integration, and data loss prevention strategies.
What You Need to Succeed
- 4+ years of experience in an IT or Information Security field within a highly regulated environment.
- Strong technical knowledge of AWS infrastructure and security services (EC2, ELB, Guard Duty, Config, Inspector, Security Hub, RDS, Route53, S3, VPC, VPN, TGW, CloudWatch, CloudTrail, EventBridge, etc.)
- Experience with regulatory compliance frameworks (e.g., HIPAA, HITRUST, PCI, SOC 2, ISO 27001)
- Proficient with managing Splunk Enterprise Security, Splunk architecture and administration (indexers, forwarders, SH clusters)
- Experience with endpoint protection platforms like CrowdStrike Falcon
- Strong understanding of SIEM and EDR operations in regulated environments
What Helps You Stand Out
- Familiarity with modern security data lakes and cloud-native detection architectures.
- Experience working in agile environments with DevOps methodologies.
- Experience collaborating with Software Engineering and Infrastructure teams to onboard new data sources.
- Strong UNIX/Linux administration skills.
- Understanding of Kubernetes RBAC, network policies, and audit logging.
- Experience with FedRAMP-compliant projects is a plus.
We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services.
The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job.
To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.
This job is not eligible for employment sponsorship.
Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here. Know Your Rights, explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay.
At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren’t even able to see whether you’ve responded.) Responding is entirely optional and will not affect your application or hiring process in any way.
Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please contact us at [email protected]. We will review your request for reasonable accommodation on a case-by-case basis.
For more information about how we collect and use your data, please review our Privacy Policy.
Datavant
Join Datavant’s network of networks, including 300+ real-world data partners, more than 70,000 hospitals and clinics, and 70% of the top 100 largest health systems.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.