Detection Engineer Intern - Summer 2026

Expel is hiring Detection Engineer Interns for Summer 2026 to help build detections used by our 24/7 Managed Detection and Response SOC. You will research adversary techniques, write and tune detection rules across multiple SIEM technologies (Elastic, Splunk, Chronicle, Sentinel), develop automation in Python, and contribute to our public blog. Responsibilities include collaborating with our SOC analysts to reduce false positives, mapping detections to MITRE ATT&CK, and building content libraries that scale across hundreds of customer environments. Qualifications: pursuing a BS/MS in Cybersecurity or Computer Science; familiarity with at least one SIEM query language (SPL, KQL, ES|QL); Python scripting fluency; understanding of Windows and cloud attacker TTPs; prior SOC, CTF, or blue-team experience strongly preferred.