Threat Detection Architect Dallas or Detroit metro

Comerica Bank
life insurance, parental leave, paid time off, sick time, 401(k)
United States, Michigan, Auburn Hills
May 10, 2025
Threat Detection Architect The Threat Detection Architect is responsible for establishing and maintaining the detection targets / roadmaps and overseeing process / execution of detection content and use cases through collaboration with Operational and Engineering teams. The architect will perform analysis on and recommend solutions for detection gaps to build an ecosystem of robust detection rules across multiple security tools to address Cyber threats. The architect will provide subject matter expertise, mentorship, and leadership in the utilization of tools across the environment to complete and resolve the most complex security investigations. When needed, the architect will provide the highest level of technical capabilities and support across security tools in the environment to investigate, contain, and mitigate the impact of complex/critical security incidents. This role reports directly to the Director of Cyber Defense Operations. The Cyber Defense Operations team is responsible for the protection, monitoring, detection, response, and recovery from security incidents across Comerica's environment. The team includes, amongst others, the Security Operations Center (SOC) and Threat and Vulnerability Management (TVM). The TVM team includes Cyber Fraud Operations, Threat Hunting, Threat Intelligence, and Vulnerability Management. The Threat Detection Architect role resides at the epicenter of these two core Cyber Defense teams, providing support to the SOC and TVM teams in the identification and creation of detection content and is ultimately responsible for the lifecycle of detection content. The ideal candidate will have Cybersecurity / IT certifications (e.g. CompTIA Network+, CompTIA Security+, GCIA, GCIH, GREM, or GPEN) Position Responsibilities: Threat Detection Architecture Establish and maintain threat detection coverage targets. Collaborate closely with the Threat Intelligence team to perform research on current threats and adversaries that target institutions similar to Comerica, to gain an understanding of current tactics, techniques, and procedures utilized. Conduct regular analysis of the current state of detection rules within Comerica's security suite of tools against the threat landscape to identify coverage gaps and areas for improvement. Perform innovative detection development through hypothesis and supporting research. Propose and ensure validation of detection rules, in collaboration with the SOC and TVM teams, to address coverage gaps and improve threat detection capability across the environment. Identify - evaluate vendors, products, and solutions to enhance threat detection. Threat Detection Development Participate in the testing and rollout of proposed rules across the environment to ensure that the quality of the implemented rule is appropriate for operationalization by the SOC. Upkeep and maintain the system of record for detection use cases, ensuring that it provides a live, up-to-date view of detection capabilities across the environment. Update MITRE ATT-CK mapping within the system of record, both to maintain alignment with updates to the MITRE ATT-CK framework and to provide an accurate depiction of detection coverage across the framework. Support response to major incidents by developing custom rules to detect anomalies, interfacing with the Threat Hunting and Threat Intelligence teams to do so. Collaborate with other Engineering and Operations teams within Comerica to troubleshoot, respond, and improve detection capabilities. Incident Response Perform advanced technical and forensic analysis for payloads used by threat actors. Provide recommendations on remediation plans for critical incidents to minimize business impact and ensure continuity. Provide advanced subject matter expertise across malware, phishing, cloud access security brokers (CASB), network, and configuration compliance domains to investigate, contain, and mitigate the impact of complex/critical security incidents. Documentation and Support Provide clear direction and documentation to Cyber Engineering teams to facilitate the development and implementation of detection rules into security tools. Maintain and provide accurate executive/compliance reporting on detection coverage, both against specific threats or techniques, as well as on the detection program as a whole. Participate in the development / enhancement of processes and technologies impacting the Cyber Defense Operations function. Handle sensitive information in accordance with the Corporate Information Protection Policy. Other duties as assigned Positions Qualifications: Bachelor's Degree in Computer Science, Engineering, Information Systems, or Cyber Security -- OR -- High School/GED with 12 years Progressive Relevant Experience 6 years of Information security / technology experience, preferably in a SOC, NOC, Threat Intelligence, or Threat Hunting 5 years of experience using various operating systems and industry standard monitoring, logging, alerting and investigation processes 5 years of incident response experience. 3 years of experience with scripting skills in common languages (e.g. PowerShell, Python, Java, Bash). 3 years of experience performing forensics on payloads across multiple attack vectors. 3 years of experience in designing detection rules for SIEM and other supplemental platforms. This position is not eligible for sponsorship. Must have indefinite employment authorization. Work Best Category: Category C - Days in the office will either be designated days or will vary week to week from 2-5 days Hours: 8:00am - 5:00pm Monday - Friday Salary: To Be Determined Based on Individual Experience About Comerica We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well support health, well-being, development and security for our colleagues and their family. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remain competitive. We are proud to offer benefits such as health and welfare programs, strong retirement benefits, and generous paid time off programs. You and your eligible family members, including domestic partners and their children, can participate in medical, dental, and vision benefits, 401(k) and pension, income protection benefits such as life insurance, AD&D, and supplemental health programs to offset unexpected health care expenses. We also have a variety of time off programs for things like vacation, sick time, disability, and parental leave. Eligibility for some programs varies based on employment status and tenure. Upon offer, Comerica conducts a comprehensive background and fingerprint check. NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification is required in accordance with the SAFE Act. Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments; the Commercial Bank, the Retail Bank, and Wealth Management. Comerica's colleagues focus on relationships, and helping people and businesses be successful. In addition to Texas, Comerica Bank locations can be found in Arizona, California, Florida and Michigan, with select businesses operating in several other states, as well as in Canada and Mexico. Comerica is proud to be an Equal Opportunity Employer - veterans/individuals with disabilities, committed to workplace diversity.