Detection Engineer

We are looking for a highly skilled Detection Engineer to join our international client. This role combines data engineering expertise with security monitoring and threat detection. You will design, build, and optimize detection capabilities across large-scale data sources, enabling proactive threat hunting, incident response, and security automation.

Requirements

Key Responsibilities

• Develop and maintain detection rules, alerts, and automated workflows for security monitoring.

• Perform log analysis across diverse sources such as cloud logs, application logs, and security tools.

• Design and implement dashboards and visualizations (Kibana, Grafana, Tableau, or custom interfaces) to support investigations and reporting.

• Write and optimize queries in Elasticsearch/Lucene, SQL, KQL (Kusto), SPL (Splunk), or similar.

• Automate detection and response tasks using Python, PowerShell, or other scripting languages.

• Integrate and enhance SIEM and SOAR platforms for seamless security orchestration.

• Support incident response investigations, providing technical analysis and actionable insights.

• Continuously tune queries and indexes to ensure efficient, large-scale analytics.

• Collaborate with threat hunters, analysts, and engineers to improve detection coverage and reduce false positives.

Must-Have Requirements

• 3+ years of experience in security detection engineering, threat hunting, or related fields.

• Strong proficiency in at least one query language (Elasticsearch/Lucene, SQL, KQL, SPL).

• Proven experience with log analysis and monitoring across multiple environments.

• Hands-on knowledge of SIEM/SOAR platforms and security automation.

• Scripting/automation experience in Python, PowerShell, or similar.

• Familiarity with data visualization tools (Kibana, Grafana, Tableau).

• Strong troubleshooting, analytical, and incident response skills.

Nice-to-Have

• Experience with machine learning, anomaly detection, or behavioral analytics for security.

• Multi-cloud detection experience (AWS, Azure, GCP).

• Knowledge of MITRE ATT&CK, Cyber Kill Chain, or similar frameworks.

• Security certifications (GCTI, GCFA, GNFA, or equivalent).

• Contributions to open-source detection or security analytics projects.

• Background in data science or advanced analytics for security applications.

• Compliance and regulatory reporting experience.