Senior Detection Engineer

George Bernard Consulting

Job Location:

Colombo - Sri Lanka

Monthly Salary: Not Disclosed

Posted on: 10 days ago

Vacancies: 1 Vacancy

Job Summary

Design develop and maintain security detections across SIEM XDR cloud endpoint and identity platforms.
Build high-fidelity detection rules mapped to frameworks such as MITRE ATT&CK and other threat models.
Develop and manage detection-as-code processes including testing version control and automated deployments.
Analyze security telemetry from multiple sources and create correlation rules to identify sophisticated attack patterns.
Continuously tune and optimize detection logic to improve alert quality and reduce false positives.
Research emerging threats attacker techniques and malware trends and translate them into effective detection content.
Conduct detection gap assessments and recommend improvements to increase security coverage.
Collaborate with SOC Incident Response Threat Hunting and Threat Intelligence teams to enhance detection capabilities.
Support post-incident reviews and implement detection improvements based on lessons learned.
Validate data quality log sources and telemetry availability required for effective threat detection.
Develop dashboards reports and metrics to measure detection effectiveness coverage and performance.
Contribute to automation initiatives that improve detection engineering and response workflows.
Mentor junior team members and promote detection engineering best practices.

Requirements

Bachelors Degree in Cyber Security Information Technology Computer Science or a related field.
7 years of experience in Detection Engineering Threat Hunting Incident
Response SOC Engineering or related cyber security roles.
Hands-on experience with SIEM and XDR platforms such as Splunk Microsoft Sentinel Elastic Stellar Cyber or similar.
Strong understanding of cyber threats attack techniques adversary behavior and malware analysis.
Experience developing detection rules using technologies such as KQL Sigma SPL or equivalent query languages.
Strong scripting skills in Python PowerShell or similar languages.
Experience working with large log datasets and performing investigations using SQL or similar query languages.
Knowledge of cloud security concepts across AWS Azure or GCP environments
Experience with Git CI/CD pipelines and Detection-as-Code methodologies.
Strong analytical troubleshooting and problem-solving skills.
Excellent communication and stakeholder management abilities.

Preferred Qualifications

Experience with SOAR platforms and automated response workflows.
Experience with cloud-native threat detection and monitoring.
Hands-on threat hunting experience.
Familiarity with detection coverage mapping and security metrics.
Industry certifications such as GCIH GCFA GCIA CISSP or Offensive Security certifications.
Contributions to open-source detection content such as Sigma YARA or community detection repositories.

Design develop and maintain security detections across SIEM XDR cloud endpoint and identity platforms.Build high-fidelity detection rules mapped to frameworks such as MITRE ATT&CK and other threat models.Develop and manage detection-as-code processes including testing version control and automated d...

Design develop and maintain security detections across SIEM XDR cloud endpoint and identity platforms.
Build high-fidelity detection rules mapped to frameworks such as MITRE ATT&CK and other threat models.
Develop and manage detection-as-code processes including testing version control and automated deployments.
Analyze security telemetry from multiple sources and create correlation rules to identify sophisticated attack patterns.
Continuously tune and optimize detection logic to improve alert quality and reduce false positives.
Research emerging threats attacker techniques and malware trends and translate them into effective detection content.
Conduct detection gap assessments and recommend improvements to increase security coverage.
Collaborate with SOC Incident Response Threat Hunting and Threat Intelligence teams to enhance detection capabilities.
Support post-incident reviews and implement detection improvements based on lessons learned.
Validate data quality log sources and telemetry availability required for effective threat detection.
Develop dashboards reports and metrics to measure detection effectiveness coverage and performance.
Contribute to automation initiatives that improve detection engineering and response workflows.
Mentor junior team members and promote detection engineering best practices.

Requirements

Bachelors Degree in Cyber Security Information Technology Computer Science or a related field.
7 years of experience in Detection Engineering Threat Hunting Incident
Response SOC Engineering or related cyber security roles.
Hands-on experience with SIEM and XDR platforms such as Splunk Microsoft Sentinel Elastic Stellar Cyber or similar.
Strong understanding of cyber threats attack techniques adversary behavior and malware analysis.
Experience developing detection rules using technologies such as KQL Sigma SPL or equivalent query languages.
Strong scripting skills in Python PowerShell or similar languages.
Experience working with large log datasets and performing investigations using SQL or similar query languages.
Knowledge of cloud security concepts across AWS Azure or GCP environments
Experience with Git CI/CD pipelines and Detection-as-Code methodologies.
Strong analytical troubleshooting and problem-solving skills.
Excellent communication and stakeholder management abilities.

Preferred Qualifications

Experience with SOAR platforms and automated response workflows.
Experience with cloud-native threat detection and monitoring.
Hands-on threat hunting experience.
Familiarity with detection coverage mapping and security metrics.
Industry certifications such as GCIH GCFA GCIA CISSP or Offensive Security certifications.
Contributions to open-source detection content such as Sigma YARA or community detection repositories.