• Design, implement and automate high-fidelity detection rules using SIEM, EDR, and other telemetry sources (e.g. Sentinel, Defender, AWS, etc.) to improve efficiency and accuracy.
• Monitor and tune alerts to reduce false positives and improve signal-to-noise ratio.
• Regularly test and validate detection content to ensure its effectiveness and accuracy.
• Create documentation and knowledge transfer materials for detections and engineering processes.
• Perform gap analysis and continuously improve detection coverage, accuracy, and resilience.
• Design and develop security automation workflows using SOAR (Security Orchestration, Automation, and Response), primarily with Microsoft Sentinel/Logic Apps.
• Build and maintain custom integrations with SIEM, EDR, Threat Intel feeds, ticketing systems, and other SOC tools.
• Automate repetitive SOC tasks such as alert triage, enrichment, IOC lookups, and ticket creation.
• Develop dashboards or utilities to improve visibility and operational insights into SOC metrics.
• Collaborate with security operations center analysts & threat intelligence to stay ahead of evolving adversary tactics (MITRE ATT&CK-based).
• Create and update relevant runbooks, playbooks and other necessary documentation around detection rules and attacker TTPs.
• Prepare and present detailed reports on detection/automation activities, findings, and improvements to senior management.
Qualifications:
• Bachelor’s degree in cybersecurity, computer science, information technology, or related field.
• 5+ years in cybersecurity, with 3+ years specifically in detection and automation engineering.
• Proficiency in writing detection logic using KQL, SPL or other relevant query languages.
• Experience with query languages such as KQL and SPL, and with scripting languages (Bash, PowerShell, Python, JavaScript).
• Proficient in developing automations using SOAR platforms, specifically Microsoft Sentinel/Logic Apps.
• Understanding of SOC operations, incident response workflows, and threat detection techniques.
• Experience with RESTful APIs and integration of third-party tools.
• Experience building advanced analytics (ML) and developing AI agents/tools.
• Experience in a cloud-first or hybrid cloud environment (preferably AWS and Azure).
• Strong, practical knowledge of the MITRE ATT&CK framework, and how to map adversary behaviors to telemetry for detection design.
• Deep understanding of attacker TTPs, threat modeling, and detection methodologies.
• Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code concepts.
• Experience in using security orchestration, automation, and response tools.
• Strong analytical skills to analyze large volumes of data and identify potential threats and patterns.
• The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.
• Relevant certifications such as:
o Microsoft SC-200, Azure Security Engineer Associate
o AWS Certified Security – Specialty
o GIAC (GCIA, GCTI, GDAT), CISSP, or CISM