
Threat Detection Engineer

19 Sep 2025 by

XM

Attica

Hybrid

IT

Indefinite-term contract

Full-time

Job Description

We are looking for a Threat Detection Engineer, with strong analytical and problem-solving skills, to join our information security operations team.


The Threat Detection Engineer will actively contribute to improving our threat detection capabilities by translating operational and tactical threat intelligence into high-fidelity detection analytics, and by widening our monitoring scope by integrating new log sources with our SIEM platform through native or custom integrations. The role also encompasses administration of the technologies that our information security operations team uses, such as SIEM and XDR. This position is ideal for someone with a good security, system or network administration, DevOps or data science background, who enjoys working with large data sets, developing security use cases, and enhancing security visibility.


The main responsibilities of the position include:

  • Develops, tests, and deploys threat detection analytics in the Security Information & Event Management (SIEM)

  • Engineers and optimises security telemetry pipelines to ensure data quality and coverage

  • Manages security platforms and technology used by the information security operations team such as SIEM and Extended Detection & Response (XDR)

  • Creates and maintains detection analytics based on threat intelligence, attack frameworks (e.g., MITRE ATT&CK), and evolving adversary techniques

  • Continuously tunes detection content to reduce false positives and improve the signal-to-noise ratio before moving it into production

  • Works with the Threat Response and Threat Intelligence teams to validate and refine detections

  • Performs gap analysis on existing monitoring and logging to identify blind spots

  • Contributes to the development of playbooks and automations for alert triage and incident response

Main requirements:

  • BSc/MSc in Information Security or any other related field

  • Minimum 3 years of working experience in a technical information security role, or in a system/network administration, DevOps or data science role

  • Hands-on experience with SIEM tools (e.g., Splunk, Elastic, QRadar), EDR/XDR platforms (e.g., CrowdStrike, SentinelOne), and log management systems

  • Good knowledge of security technologies such as firewalls, IPS, WAF, and VPNs

  • Good knowledge of various information system technologies (Windows/Linux systems, Active Directory, VMware, databases, etc.)

  • Strong understanding of MITRE ATT&CK, D3FEND, cyber kill chain, and common attacker TTPs

  • Proficiency in writing detection rules using KQL, SPL, or similar query languages

  • Familiarity with scripting or automation (e.g., Python, PowerShell, Bash)

  • Experience with cloud security logging and monitoring (AWS, Azure, GCP)

  • Experience developing detection rules (YARA, Sigma, Snort) and querying in SIEM platforms (Splunk, Sentinel, Elastic)

  • Methodical problem solver and critical thinker

  • Self-motivated, organized, and proactive

  • Ability to learn new technologies quickly and in depth

  • Very good analytical skills

  • Good communication skills

  • Ability to work autonomously with minimal supervision

  • Strong team working skills

The following will be considered an advantage:

  • Holding one of the following certifications: GCFA, GCFE, GCIH, GREM, GCIA, GMON, GCFR, eCIR

  • Experience integrating threat intelligence into detection pipelines

Benefit from:

  • Attractive remuneration package

  • Private health insurance

  • Corporate pension fund

  • Intellectually stimulating work environment

  • Continuous personal development and international training opportunities


Company Description

We Give Every Client the Best Possible Trading Experience

Every client, regardless of account size, gets access to the same excellent trading conditions. Everyone who chooses XM has the same opportunity to pursue their investment goals.


Join Us

We pioneered the strict no requotes, no rejections policy that established our reputation. To prevent slippage and keep your strategy aligned with real-time market prices, 99% of all trades are executed in less than one second.


© Jobily.gr 2025, All rights reserved
