Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformPythonBashPowerShellAnalyticsGCPGoogle CloudGitHubVersion ControlRepositoryCommunicationCollaboration
About this role
Role Overview
- Design, develop, and maintain detection rules, alerts, and analytics to identify cybersecurity threats across endpoints, network, identity, cloud, and application platforms
- Collaborate with threat intelligence, threat hunting, and security operations teams to understand emerging threats and translate TTPs into actionable detections
- Continuously monitor the threat landscape and proactively recommend improvements to detection coverage and methodology
- Validate, test, and tune detection content to reduce false positives and improve accuracy, performance, and signal-to-noise ratio
- Partner with incident response teams to provide detection insights, improve alert fidelity, and support investigation workflows
- Maintain and enhance the organization’s detection repository within SIEM and detection platforms, ensuring content stays current with evolving attack techniques
- Develop and refine Data Loss Prevention (DLP) detection policies and monitoring use cases to protect sensitive data and support compliance requirements
- Identify detection gaps and raise risks, working with engineering and security stakeholders to prioritize remediation and improvements
- Stay current on cybersecurity tools, frameworks, and adversary techniques to continuously evolve detection engineering practices
- Contribute technical guidance and peer mentorship, helping uplift detection quality and engineering standards across the team
Requirements
- Bachelor's degree in computer science, Information Security, or a related field (or equivalent practical experience)
- 4–8+ years of experience in cybersecurity with a strong focus on detection engineering, threat hunting, SOC operations, or incident response
- Experience working with or alongside Red Team/Purple Team activities
- Strong knowledge of SIEM platforms, log pipelines, and detection engineering workflows
- Proficiency in scripting or programming languages such as Python, PowerShell, or Bash
- Familiarity with adversary tactics, techniques, and procedures (TTPs), MITRE ATT&CK, and detection engineering frameworks
- Experience with cloud environments and cloud-native attack/detection strategies (e.g., AWS, Azure, GCP)
- Strong analytical and problem-solving skills with a creative approach to detection design
- Excellent collaboration and communication skills with the ability to work cross-functionally with security and engineering teams
- Relevant certifications (e.g., GCDA, GCFA, GCFR, GCIH, GREM, OSCP, CISSP) are a plus but not required
- Experience with Version Control Systems (VCS) (GitHub)
- Experience working with SIGMA, YARA, and detection query language structures
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- Python
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development opportunities