Threat Detection Engineer IV
Edward Jones
St. Louis, MO, USA
USD 99,200-168,900 / year
Posted on Mar 10, 2026
Innovate here. And see your ideas come to life.
It's an exciting time to work in tech at Edward Jones. We are making massive investments in emerging technologies to improve how we work with our clients and with each other. Relationships are the focus of our business model. And working in Technology here means using your skills to build, deliver and maintain the technologies that enable us to deepen and support those relationships. The best part? We develop and create our own industry-leading solutions internally. And you can be a part of it. Working with emerging new technologies. Creating platforms, programs and experiences that change how we work together - and support our client-first focus. Changing the future of our firm, the industry and the advisor-client relationship.
Job Overview
Position Schedule: Full-Time
This job posting is anticipated to remain open for 30 days, from 05-Mar-2026. The posting may close early due to the volume of applicants.
Overview
A Threat Detection Engineer is a role focused on developing skills in adversary tradecraft research, detection development, and detection lifecycle management. Engineers at this level work within clearly defined scope and are supported through structured review, feedback, and mentorship.
What You'll Do
Scope and Ownership
Hiring Minimum: $99200
Hiring Maximum: $168900
Skills/Requirements
Read More About Job Overview
What Experience You'll Need
Education and Learning Background
Candidates should demonstrate foundational understanding in several of the following areas:
Awards & Accolades
At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.
Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones
Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones
Read More About Awards & Accolades
About Us
Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns.
Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.
People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.
View our Purpose, Inclusion and Citizenship Report.
¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.
Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.
It's an exciting time to work in tech at Edward Jones. We are making massive investments in emerging technologies to improve how we work with our clients and with each other. Relationships are the focus of our business model. And working in Technology here means using your skills to build, deliver and maintain the technologies that enable us to deepen and support those relationships. The best part? We develop and create our own industry-leading solutions internally. And you can be a part of it. Working with emerging new technologies. Creating platforms, programs and experiences that change how we work together - and support our client-first focus. Changing the future of our firm, the industry and the advisor-client relationship.
Job Overview
Position Schedule: Full-Time
This job posting is anticipated to remain open for 30 days, from 05-Mar-2026. The posting may close early due to the volume of applicants.
Overview
A Threat Detection Engineer is a role focused on developing skills in adversary tradecraft research, detection development, and detection lifecycle management. Engineers at this level work within clearly defined scope and are supported through structured review, feedback, and mentorship.
What You'll Do
Scope and Ownership
- Detection Engineers work on research and development tasks with scope defined by more senior engineers. Within that scope, they are expected to take full ownership of their work products, including research documentation, detection logic, and follow-up improvements.
- Detection Engineers are expected to author detection logic that will be deployed into production environments. All work is reviewed before deployment, but ownership of the work remains with the author.
- Detection Engineers are expected to conduct applied research on adversary techniques assigned to them and to produce detailed written documentation describing how those techniques operate at a technical level. This documentation is expected to explain underlying mechanisms and execution flow with enough depth to support future detection work.
- Research assignments may cover a defined portion of a technique rather than an entire attack chain. Detection Engineers are expected to produce complete and correct documentation within the assigned scope.
- Detection Engineers design, implement, and validate detections based on their research. They are responsible for tuning and improving detections they author, including investigating false positives, missed detections, and validation failures.
- Detection ownership is durable. Detection Engineers are expected to iterate on their work over time rather than handing it off when issues are identified. Guidance and feedback are provided, but responsibility for improvement remains with the author.
- Detection Engineers participate in detection validation by engaging with the Threat Emulation team. This includes explaining researched techniques and detection approaches, reviewing validation results, and updating detections based on outcomes.
- Detection Engineers are expected to respond to operational feedback related to detections they own, including feedback from security operations and response teams. This feedback is treated as part of the normal detection lifecycle and a core learning mechanism.
- Decisions about validation strategy, test cadence, and broader detection health monitoring are handled by more senior Detection Engineers.
- Within the scope of their assigned work, Detection Engineers are expected to understand how detections map to adversary behavior and available telemetry. They should be able to articulate what activity is detectable, what is not, and why.
- Detection Engineers are not expected to own or maintain broader detection coverage models or prioritization decisions.
- Detection Engineers are expected to regularly present and explain their research and detection work to peers and partner teams. This includes participating in forums such as office hours and responding constructively to questions that surface gaps in understanding.
- Detection Engineers interact with partner teams primarily to explain their research and detection work. They are not expected to independently drive cross-team processes or follow-up actions. When issues arise that require coordination beyond explanation or learning, Detection Engineers escalate to more experienced team members.
- Detection Engineers participate in peer review as part of their development. This includes reviewing research and detection work authored by others under guidance, and applying feedback received during review to their own work. Peer review is treated as a learning activity rather than a gatekeeping function.
Hiring Minimum: $99200
Hiring Maximum: $168900
Skills/Requirements
Read More About Job Overview
What Experience You'll Need
Education and Learning Background
- Formal education in computer science, engineering, information security, or a related technical field may be helpful, but is not required. Equivalent experience gained through professional work, independent study, home lab environments, research projects, or other hands-on technical learning is equally valued.
- Candidates may come from a variety of backgrounds, including but not limited to security operations, IT, systems administration, software engineering, academic study, or self-directed learning.
Candidates should demonstrate foundational understanding in several of the following areas:
- Operating system fundamentals, such as process execution, authentication, logging, and system events.
- Basic networking concepts, including common protocols and client-server interactions.
- Familiarity with structured data and the ability to reason about logs or event records.
- Exposure to querying or analyzing technical data using scripts, queries, or similar mechanisms.
- Prior experience with specific security platforms or tools is not required.
- Candidates should demonstrate the ability to learn independently and engage with unfamiliar technical material. This includes:
- Reading and understanding technical documentation, research write-ups, or specifications.
- Reproducing described behavior in a lab, test environment, or conceptual model.
- Documenting findings clearly in writing, with attention to technical detail and accuracy.
- Experience producing written technical material is a strong signal. This can include reports, documentation, blogs, or project notes.
- Candidates should be comfortable explaining technical concepts to others and engaging in constructive discussion. This includes:
- Asking questions when concepts are unclear.
- Accepting feedback and incorporating it into subsequent work.
- Explaining what they learned and how they approached a problem, both in writing and verbally.
- Prior experience working in team-based technical environments is beneficial but not required.
- Candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office four days per week effective June 1, 2026. Before June 1, 2026, candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.**
Awards & Accolades
At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.
Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones
Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones
Read More About Awards & Accolades
About Us
Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns.
Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.
People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.
View our Purpose, Inclusion and Citizenship Report.
¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.
Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.