Detection Engineer

Company: Allianz | Location: Barcelona

Overview

Join Allianz Technology’s Cyber Defense Center to advance 24/7 monitoring through advanced detection. You will own the detection use-case lifecycle, shaping what security signals are seen and investigated. You’ll design and maintain content for Google SecOps (YARA-L) and CrowdStrike Falcon, aligned to logging telemetry.

This role combines threat intelligence with security operations to continuously improve coverage and reduce false positives.

Responsibilities
  • Own the full detection use case lifecycle from concept to production-ready monitoring
  • Design, implement, and maintain detection content in Google SecOps (YARA-L) and CrowdStrike Falcon aligned with logging telemetry
  • Map detections to the MITRE ATT&CK framework and perform gap analyses to prioritize new use cases
  • Tune detections iteratively to minimize false positives while preserving fidelity
  • Write clear use case specification documents detailing scope, logging, threats, and analyst response
  • Collaborate with SOAR/automation engineers and CTI to ensure detections feed into playbooks and reflect current threat reporting
  • Validate detections through purple-team exercises and adversary emulation using Detection-as-Code
Requirements
  • 3+ years in detection engineering, SOC engineering, threat hunting, or related security operations
  • Experience writing and tuning detection content in a modern SIEM (Google SecOps/Chronicle YARA-L preferred; Splunk SPL, Sentinel KQL, Elastic EQL valued)
  • Working knowledge of EDR platforms, ideally CrowdStrike Falcon (custom IOAs, event search, Falcon Query Language)
  • Strong understanding of MITRE ATT&CK and applying it to detection design
  • Solid grasp of attacker tradecraft across Windows, Linux, cloud (AWS/Azure/GCP), and identity (AD, Entra ID)
  • Proficiency in at least one scripting or query language (Python, PowerShell, SQL, regex) and familiarity with Detection-as-Code (Git, CI/CD)
  • Clear written English communication; ability to explain detection purpose, coverage, and triage steps
Compensation / Benefits
  • Hybrid work model
  • Up to 25 days working abroad
  • Bonus scheme
  • Pension
  • Employee shares program
  • Learning and career mobility