Security Engineer - MDR

Shape how threats are detected before they become incidents and protect what truly matters in our customers’ most critical environments.

As an MDR Threat Hunter, you are responsible for proactively identifying, analyzing, and translating emerging threats into actionable detection capabilities within mission-critical environments. You operate on top of a central MDR platform and continuously improve detection coverage by combining deep technical understanding with a strong security mindset. You play a key role in shaping how we detect and respond to threats: not by following predefined playbooks, but by understanding system behaviour, identifying gaps, and designing new detection use cases that matter. 

This role bridges security engineering, detection engineering, and threat intelligence. You'll need curiosity, a sense of ownership, and the ability to turn abstract threats into practical detection logic in complex environments. This is a critical role in delivering high-quality, tailored detection and response capabilities for large, complex customer landscapes.

/ What you will do 

Detection engineering & threat hunting

  • Develop and continuously improve detection use cases based on emerging threats and observed behaviour.
  • Translate threat scenarios and security insights into actionable detection logic.
  • Proactively perform threat hunting on the environment to identify abnormal or suspicious patterns.
  • Analyse logs and telemetry data to uncover behaviours that are not yet covered by existing detections.

Use case development & response design

  • Define what should happen when detections trigger (response actions, automation, escalation paths).
  • Continuously refine detection logic to improve quality, relevance, and signal-to-noise ratio.
  • Contribute to building custom detection scenarios tailored to customer environments.

Threat intelligence & continuous improvement

  • Actively follow security developments, vulnerabilities, and threat intelligence and translate these into new hunts and detections.
  • Identify gaps in detection coverage and proactively propose improvements.
  • Contribute to the evolution of the MDR detection strategy.

Communication & advisory

  • Translate findings into clear, actionable communication for engineers and stakeholders.
  • Contribute to security advisories and share relevant threats across the organisation.
  • Work closely with engineers to understand system behaviour and validate detection strategies.

Platform collaboration

  • Leverage the central MDR platform to implement detections and analyse data.
  • Collaborate with platform/automation engineers to improve integrations and detection capabilities.

What you bring  

We are looking for someone who combines engineering fundamentals with a strong interest in security and is motivated to move towards or deepen expertise in threat hunting and detection engineering. 

Must have skills:

  • Strong automation mindset and ability to translate problems into scalable logic.
  • Experience working with logs, telemetry, and detection use cases.
  • Solid engineering fundamentals (Linux, networking, infrastructure behaviour).
  • Ability to distinguish normal vs. abnormal system behaviour.
  • Experience with Python and/or Bash scripting.
  • Familiarity with SIEM / log analytics platforms (e.g. OpenSearch, Elastic, Splunk, Sentinel).
  • Strong understanding of security principles in detection and response.
  • Analytical, curious, and driven to understand how systems and threats behave.
  • Ownership mindset with responsibility for detection quality and coverage.
  • Strong communication skills to translate findings into actionable insights.
  • Ability to connect business context to detection logic.

Nice to have skills:

  • Experience with SOAR / security automation.
  • Exposure to threat hunting, detection engineering, or advanced SOC.
  • Experience with cloud environments (AWS, Azure or similar).
  • Familiarity with CI/CD, Git, or configuration tooling.

/ Who are you? 

You are an engineer with a strong interest in security, driven to understand how systems behave and how threats manifest. You don’t follow playbooks blindly; you want to understand why detections exist and how they can be improved. You combine analytical thinking with a hands-on mindset and enjoy working with complex data and environments. You are curious, proactive, and take ownership of the quality of your work. At the same time, you are able to clearly communicate your findings and collaborate effectively with engineers and stakeholders across the organisation.

/ What can you expect? 

At Schuberg Philis, you’ll join a community of engineers with an awesome combination of exceptionally high security standards, an infatuation with automation, and the power to make a positive, sustainable impact on customers’ business. Due to the nature of our customer engagements, there is no pressure on (billable) hours; we focus on quality and impact – or, as we like to call it, “freedom & responsibility”. You know best how to deliver the most value.

You’ll be embedded in a company committed to helping colleagues grow as people and professionals through training, knowledge sharing, mentoring, and good old-fashioned fun. 

Our offices are high quality workspaces, and we go way beyond what is expected. We have productive equipment, good food and drinks, team outings, family days, labs to experiment with innovative technologies, etc. We’re active in relevant tech communities, attending and organizing meetups and conferences, and we organize internal knowledge sharing events where Tech Leads play an important role. 

If you’re an engineer in the Netherlands with a strong interest in security and want to proactively hunt threats, design detections, and make real impact in mission-critical environments, we’d love to hear from you.

Everyone we work with and consider working with has a right to equal treatment. The hiring and appraisal process at Schuberg Philis is designed to be thorough and equitable, implementing fair payment, benefits, and opportunities across all demographics. 
 
It is our desire to be a company that brings together multiple nationalities, cultures, religions, genders, abilities, and talents within and across our teams. We welcome colleagues from diverse backgrounds to join Schuberg Philis and actively support diversity and inclusion in the tech industry.

Location & Eligibility

  • Where is the job: Netherlands (on-site within the country)
  • Who can apply: NL

Listing Details

  • Posted: June 8, 2026
  • First seen: June 8, 2026
  • Last seen: June 8, 2026
