Key skills
Cyber SecuritySplunkVersion ControlRepository
About this role
Role Overview
- Translate offensive security findings, penetration test reports, and red team assessments into actionable detection use cases.
- Develop, validate, and maintain detection rules across SIEM and EDR platforms.
- Build correlation-based detections using Splunk and native detections within platforms such as CrowdStrike Falcon and Microsoft Defender.
- Validate detections against live telemetry and ensure production readiness.
- Collaborate with offensive security teams to ensure accurate detection coverage for identified attack techniques.
- Maintain and improve MITRE ATT&CK coverage across the organization.
- Identify detection gaps and recommend appropriate monitoring controls.
- Continuously assess and improve visibility into emerging threats and attack techniques.
- Develop investigation guides and runbooks for security operations teams.
- Support MSSP and SOC teams by improving alert quality and reducing false positives.
- Collaborate with incident response teams to enhance detection logic based on lessons learned from investigations.
- Maintain a centralized detection rule repository with proper documentation and version control.
- Manage and prioritize the detection engineering backlog based on risk, threat intelligence, and offensive security findings.
Requirements
- 3+ years of experience in Detection Engineering, Security Operations, Threat Detection, or related cybersecurity roles.
- Hands-on experience writing and maintaining production-grade detection rules.
- Strong understanding of MITRE ATT&CK Framework and adversary tactics, techniques, and procedures (TTPs).
- Experience working with SIEM platforms such as Splunk.
- Hands-on experience with EDR solutions such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or similar platforms.
- Knowledge of attack methodologies and offensive security concepts.
- Experience validating detections through purple teaming, atomic testing, or simulation exercises.
- Strong analytical and problem-solving skills with the ability to work in dynamic environments.
- Experience with Sigma rule authoring and cross-platform detection engineering is a plus.
- Offensive security certifications such as OSCP, CRTE, or equivalent are advantageous.
Tech Stack
- Cyber Security
- Splunk
Benefits
- Health insurance
- Professional development opportunities