Senior Detection Engineer

Sri Lanka·Colombosenior

OtherDetection Engineer

0 views0 saves0 applied

Overview

Design, develop, and maintain security detections across SIEM, XDR, cloud, endpoint, and identity platforms.

Technical Tools

OtherDetection Engineer

Design, develop, and maintain security detections across SIEM, XDR, cloud, endpoint, and identity platforms.
Build high-fidelity detection rules mapped to frameworks such as MITRE ATT&CK and other threat models.
Develop and manage detection-as-code processes, including testing, version control, and automated deployments.
Analyze security telemetry from multiple sources and create correlation rules to identify sophisticated attack patterns.
Continuously tune and optimize detection logic to improve alert quality and reduce false positives.
Research emerging threats, attacker techniques, and malware trends, and translate them into effective detection content.
Conduct detection gap assessments and recommend improvements to increase security coverage.
Collaborate with SOC, Incident Response, Threat Hunting, and Threat Intelligence teams to enhance detection capabilities.
Support post-incident reviews and implement detection improvements based on lessons learned.
Validate data quality, log sources, and telemetry availability required for effective threat detection.
Develop dashboards, reports, and metrics to measure detection effectiveness, coverage, and performance.
Contribute to automation initiatives that improve detection engineering and response workflows.
Mentor junior team members and promote detection engineering best practices.

~1 min read

Bachelor's Degree in Cyber Security, Information Technology, Computer Science, or a related field.
7+ years of experience in Detection Engineering, Threat Hunting, Incident
Response, SOC Engineering, or related cyber security roles.
Hands-on experience with SIEM and XDR platforms such as Splunk, Microsoft Sentinel, Elastic, Stellar Cyber, or similar.
Strong understanding of cyber threats, attack techniques, adversary behavior, and malware analysis.
Experience developing detection rules using technologies such as KQL, Sigma, SPL, or equivalent query languages.
Strong scripting skills in Python, PowerShell, or similar languages.
Experience working with large log datasets and performing investigations using SQL or similar query languages.
Knowledge of cloud security concepts across AWS, Azure, or GCP environments
Experience with Git, CI/CD pipelines, and Detection-as-Code methodologies.
Strong analytical, troubleshooting, and problem-solving skills.
Excellent communication and stakeholder management abilities.

Experience with SOAR platforms and automated response workflows.
Experience with cloud-native threat detection and monitoring.
Hands-on threat hunting experience.
Familiarity with detection coverage mapping and security metrics.
Industry certifications such as GCIH, GCFA, GCIA, CISSP, or Offensive Security certifications.
Contributions to open-source detection content such as Sigma, YARA, or community detection repositories.