Senior Threat Detection Engineer

Company: CVS Health
Location: New York, NY, USA
Salary: $101,970 – $203,940
Type: Full-Time
Degrees:
Experience Level: Senior

Requirements

  • 5+ years of experience in threat detection, hunting, penetration testing, and/or offensive security.
  • 3+ years of experience in Microsoft Security tools (Defender for Endpoint, Sentinel), CrowdStrike, Splunk, and Google Chronicle.
  • 3+ years of experience with KQL, SPL, Python, PowerShell, or Bash scripting for automation and detection logic.

Responsibilities

  • Develop, deploy, and optimize detection rules across SIEM platforms such as Microsoft Sentinel, Splunk, and Google Chronicle.
  • Conduct threat hunting activities using Microsoft Defender, CrowdStrike, and other SOC tools to identify and respond to advanced threats.
  • Leverage KQL and SPL (Search Processing Language) to create custom detections and automate responses.
  • Continuously refine detection capabilities based on emerging threats and intelligence.
  • Assist with internal and external penetration tests to identify vulnerabilities.
  • Design and execute adversary emulation scenarios to assess detection and response effectiveness.
  • Utilize penetration testing tools and custom scripts to simulate real-world attack scenarios.
  • Produce detailed reports with findings and actionable recommendations.
  • Work closely with blue teams to conduct purple team exercises, bridging offensive and defensive security efforts.
  • Provide actionable insights to improve monitoring, alerting, and incident response based on adversary tactics.
  • Facilitate knowledge-sharing sessions to upskill internal teams on TTPs (Tactics, Techniques, and Procedures).
  • Integrate threat intelligence into detection strategies to prioritize threats and adapt detection rules.
  • Analyze threat intelligence feeds and translate them into actionable detection and response measures.
  • Collaborate with the incident response team during investigations by providing adversary tactics insights.
  • Assist in developing threat-hunting use cases and refining detection capabilities.
  • Contribute to the development of a comprehensive detection strategy aligned with risk management goals.
  • Provide leadership with reports on security gaps, risks, and detection effectiveness.

Preferred Qualifications

  • Relevant certifications such as OSCP, GCIH, GCIA, CISSP, CEH, or Microsoft Azure Certification.
  • Experience in managing or participating in purple team exercises.
  • Familiarity with compliance standards like PCI-DSS, HIPAA, or ISO 27001.
  • Strong understanding of the MITRE ATT&CK framework and security standards (NIST, CIS).
  • Strong communication skills to convey complex security issues to non-technical stakeholders.