
Detection Engineer
Posted 6 days ago
This is a fully remote position, open to applicants in India.
• Convert findings from offensive security, penetration testing reports, and red team evaluations into actionable detection use cases.
• Create, validate, and maintain detection rules across SIEM and EDR platforms.
• Develop correlation-based detections utilizing Splunk and implement native detections in platforms like CrowdStrike Falcon and Microsoft Defender.
• Test detections against live telemetry and ensure they are production-ready.
• Work in conjunction with offensive security teams to guarantee accurate detection coverage for recognized attack techniques.
• Enhance and maintain MITRE ATT&CK coverage throughout the organization.
• Identify gaps in monitoring coverage and recommend suitable compensating controls.
• Continuously evaluate and enhance visibility into new threats and attack methodologies.
• Create investigation guides and runbooks for security operations teams.
• Assist MSSP and SOC teams by enhancing alert quality and minimizing false positives.
• Partner with incident response teams to refine detection logic informed by insights gained from investigations.
• Keep a centralized repository for detection rules with appropriate documentation and version control.
• Oversee and prioritize the detection engineering backlog based on risk, threat intelligence, and findings from offensive security.

• A minimum of 3 years of experience in Detection Engineering, Security Operations, Threat Detection, or similar cybersecurity roles.
• Practical experience in writing and maintaining detection rules suitable for production.
• Comprehensive knowledge of the MITRE ATT&CK Framework and adversary tactics, techniques, and procedures (TTPs).
• Experience with SIEM platforms, particularly Splunk.
• Hands-on experience with EDR solutions like CrowdStrike Falcon, Microsoft Defender for Endpoint, or comparable platforms.
• Familiarity with attack methodologies and concepts related to offensive security.
• Experience in validating detections through purple teaming, atomic testing, or simulation exercises.
• Excellent analytical and problem-solving abilities with a capacity to thrive in dynamic environments.
• Experience in Sigma rule authoring and cross-platform detection engineering is an added advantage.
• Offensive security certifications such as OSCP, CRTE, or equivalent are beneficial.

• Health insurance
• Professional development opportunities