Detection Engineer – Cybersecurity

About the role

We are looking for a Detection Engineer to design, develop and improve advanced threat detection capabilities across endpoint, network and cloud environments. The role will involve building custom detection logic, conducting threat hunting and translating MITRE ATT&CK techniques into high‑fidelity alerts.

Key responsibilities

• Develop custom detection rules using EDR/XDR telemetry such as Microsoft Defender, CrowdStrike and SentinelOne.
• Build detections for process execution, command‑line activity, DLL loads, network anomalies and other attack behaviours.
• Translate threat intelligence and MITRE ATT&CK techniques into actionable detections.
• Implement and tune detections in Microsoft Defender, CrowdStrike, SentinelOne, Azure Sentinel and Splunk.
• Conduct threat‑hunting missions and validate detections through attack simulations and purple‑team exercises.
• Optimize detections to minimise false positives and alert fatigue.
• Collaborate with SOC, Incident Response and Threat Intelligence teams.

Required profile

• Proven hands‑on experience designing detection rules and performing threat hunting.
• Deep understanding of endpoint telemetry, attack techniques and the MITRE ATT&CK framework.

Required skills

• Microsoft Defender, CrowdStrike, SentinelOne.
• KQL, SPL and Sigma rule authoring.
• Azure Sentinel and Splunk platforms.
• Python or PowerShell scripting (basic to intermediate).