Senior Threat Detection & Response Engineer
Our client is seeking a curious and motivated Senior Threat Detection & Response Engineer to build state-of-the-art threat detection, investigation and response (TDIR) capabilities. The experience expected from applicants, as well as the additional skills and qualifications needed for this job, are listed below.
This role will work with enterprise clients, and internally, to perform threat-informed detection engineering and threat research, implement security data lake, SIEM and data pipeline strategies, and transform response with SOAR and AI-SOC tooling.
You will have the opportunity to shape everything from our technical architecture and services to our company culture, while working on innovative detection engineering challenges.
Core Requirements
- 5+ years in cybersecurity, 3+ years focused on detection engineering
- Proven ability to operationalise threat intelligence into actionable, high-fidelity detections
- Demonstrable experience with detection-as-code using multiple detection languages: Sigma, YAML, SPL, KQL, YARA-L, CoreTIDE
- Proficient with Python, Git / GitHub and developing security tooling integrations and automations
- Hands-on experience with Splunk Cloud, Enterprise Security, and SOAR
- Deep understanding of MITRE ATT&CK and how to apply it practically
- Familiarity with offensive security concepts, attacker tradecraft or incident response
- Excellent technical writing and documentation skills
- Comfortable presenting to technical and non-technical audiences
Preferred Requirements
- Experience in architecting TDIR platforms or leading detection engineering initiatives
- Expertise with multiple SIEM platforms such as Google SecOps and MS Sentinel
- Experience using security data lakes and pipelines such as Cribl, Snowflake, Databricks
- Splunk Certified Architect (or Enterprise Security Admin)
Bonus Points
- Track record of thought leadership and infosec community contributions (conference talks, blog posts, open source)
- Red team/penetration testing experience
- Deep cloud security knowledge (AWS/Azure/GCP)
- Kubernetes/container security knowledge
- Other security certifications (GIAC, HTB CAPE, PNPT, GCP/WS/Azure Security)
- Company
- McNally Recruitment Ltd
- Location
- United Kingdom, UK
- Employment Type
- Full-time
- Posted