
Cyber Detection Engineer
Posted Jun 3

This is a fully remote position, open to applicants in Philippines.
• Focused on improving detection coverage, building and refining analytics, and making full use of Microsoft security tools.
• Creating, fine-tuning, and sustaining threat-focused detections in Microsoft Sentinel with KQL.
• Establishing analytics rules, hunting queries, workbooks, automation processes, and alert enrichment.
• Working with log sources across Microsoft Defender, Azure, Microsoft 365, identity platforms, firewalls, SaaS applications, and various client environments.
• Aligning detections with attacker behaviors, TTPs, and frameworks such as MITRE ATT&CK.
• Assisting in the onboarding, validation, and optimization of data connectors and log sources.
• Minimizing false positives through systematic tuning, baselining, and feedback from SOC analysts.
• Aiding in the creation of reusable detection content, playbooks, and best-practice templates for CyberOne clients.
• Validating new or updated detection content from the Microsoft Sentinel content hub.
• Partnering with SOC analysts and incident responders to enhance triage quality and investigation workflows.
• Producing comprehensive documentation for detections, use cases, data requirements, assumptions, and response guidelines.
• Supporting client workshops and technical discussions related to detection coverage, Sentinel maturity, and monitoring/detection strategies.
• Staying informed about emerging threats, Microsoft security advancements, and detection engineering methodologies.

• Practical experience with Microsoft Sentinel or other SIEM platforms.
• Proficiency in writing KQL queries for detection, investigation, or reporting purposes.
• Familiarity with Microsoft Defender products, including Defender for Endpoint, Defender for Office 365, Defender for Cloud, or Defender for Identity.
• Understanding of Azure, Entra ID, Microsoft 365, and common cloud security log sources.
• Knowledge of security monitoring principles, alert logic, false-positive tuning, and detection lifecycle management.
• Interest in attacker behaviors, persistence strategies, lateral movement, credential abuse, and prevalent cloud attack vectors.
• Knowledge of frameworks such as MITRE ATT&CK, Cyber Kill Chain, or similar methodologies.
• Ability to clearly document technical processes and articulate detection logic to both technical and non-technical stakeholders.
• Basic skills in scripting or automation, such as PowerShell, Python, Logic Apps, or related technologies.
• A collaborative attitude and eagerness to engage with analysts, engineers, consultants, and clients.

• Flexible working hours and a remote-first culture.
• Birthday off and long-service recognition.
• Bi-annual performance bonuses and team outings.
• Structured training programs, technical exposure, and career development opportunities.