Leading Threat Detection Engineer

July 18, 2025
Application deadline: August 17, 2025
Apply Now

Job Description

BandB

Leading Threat Detection Engineer:

We are looking for a highly skilled and experienced Leading Threat Detection Engineer to strengthen our Security Operations capabilities. This role is responsible for leading the design, development, and continuous improvement of threat detection strategies, automation workflows, and proactive threat hunting processes. You will work closely with Monitoring, Threat Intelligence and Incident Response teams to ensure detection coverage is robust, actionable, and aligned with evolving adversary techniques. This position plays a key role in enhancing our detection engineering maturity and delivering high-quality security outcomes to our customers.

Note that the candidate must be an Azerbaijani national.

Responsibilities:

Design and continuously improve the threat detection engineering process by performing threat modeling and mapping attacker tactics and techniques to high-fidelity detection logic.
Design, implement, and maintain detection logic across SIEM and EDR/XDR platforms.
Implement detection rules using current techniques (e.g., outlier detection, behavior analytics, cross-correlation).
Participate in purple teaming exercises to validate that detection logic keeps working as intended; use automated adversary emulation tools (e.g., Caldera) to evaluate existing and new detection scenarios.
Automate incident monitoring, remediation, and enrichment processes by developing playbooks, custom scripts, and integrations.
Proactively analyze noisy alerts and reduce MTTR by refining detection logic and automation playbooks.
Coordinate incident management flow between various teams in security operations, including monitoring, incident response and threat intelligence.
Lead onboarding of new customers into security operations through predefined procedures, including integration of customer security tools with the incident management platform and enhancement of log visibility through regular auditing and optimization of ingested data.
Lead continuous threat hunting activities by tracking down emerging adversary TTPs.
Requirements:

3+ years of experience in a SOC environment, with a focus on threat detection engineering.
Expertise in implementing detection logic according to evolving attacker TTPs, leveraging frameworks like MITRE ATT&CK to ensure detection and response efforts meet industry standards.
Experience in developing automated incident response playbooks and scripts using a SOAR platform.
Experience in threat hunting exercises: creating scheduled/saved queries in SIEM/XDR to continuously hunt for specific tactics and techniques, and using tools such as Chainsaw to hunt through extracted logs.
Experience with scripting languages (e.g., Python, PowerShell) to create automation scripts and custom integrations for SOAR playbooks.
Ability to mentor SOC analysts and other threat detection team members to improve their detection engineering and incident response automation skills.
Strong problem-solving, algorithmic, and analytical skills to deal with the complexity of incident management across various customers and tools.
Strong communication skills to collaborate with multiple departments and customers, ensuring the delivered output always meets customer needs and standards.
The ideal candidate should have experience with the following security tools to deliver a quality detection engineering service:

Writing queries for detection scenarios and custom dashboards in SIEMs such as Splunk, Elastic, IBM QRadar, and Microsoft Sentinel.
Configuring policies/profiles to meet visibility and prevention requirements in EDR/XDR platforms such as CrowdStrike Falcon, Cortex XDR, and Microsoft Defender for Endpoint (MDE).
Developing automation playbooks and custom scripts based on use cases, and integrating various security products, in SOAR platforms such as Cortex XSOAR and Splunk SOAR.
Preferred:

Bachelor’s degree in IT, Cybersecurity, or related field
Industry certifications such as: eCTHP, BTL2, OSDA, OSCP, OSEP
Experience in an MSSP environment
Salary: determined at interview

Interested candidates can send their CV to the e-mail address behind the Apply for job button, mentioning "Leading Threat Detection Engineer" in the subject line.