Detection Engineer – Threat Detection & Hunting

About the role

The Detection Engineer designs, builds, and continuously improves our threat detection capabilities. You will translate threat intelligence and adversary tactics into high‑fidelity detection logic, conduct proactive threat hunting, and engineer automated detection content across the security stack.

Key responsibilities

• Design, develop, and deploy detection rules and alerts across SIEM, EDR, NDR, and cloud security tools.
• Create high‑fidelity detections using threat intelligence, MITRE ATT&CK techniques, and emerging threats.
• Write detection logic with query and rule languages such as KQL, SPL, Sigma, and YARA.
• Conduct proactive threat‑hunting campaigns to identify coverage gaps.
• Test and validate detections using attack simulation tools like Atomic Red Team and CALDERA.
• Onboard new log sources, ensure data quality, and map sources to MITRE ATT&CK techniques.
• Develop automation workflows, detection‑as‑code pipelines, and integrate threat‑intelligence feeds.
• Manage detection‑related incidents and changes through ITSM tools (ServiceNow, Jira).

Required profile

• Experience designing and tuning detection rules to reduce false positives while maintaining coverage.
• Proven ability to conduct threat hunting and translate findings into actionable detection content.
• Familiarity with security operations processes and ITSM workflows.

Required skills

• SIEM, EDR, NDR platforms
• Cloud security tools
• KQL, SPL, Sigma, YARA
• MITRE ATT&CK framework
• Atomic Red Team, CALDERA
• ServiceNow, Jira