Cyber Threat Detection and Development

Key Responsibilities:

• Develop, test, and maintain detection use cases across SIEM, EDR, NDR, and cloud security platforms.
• Proactively hunt for threats using behavioral analytics and threat intelligence feeds.
• Write detection rules (e.g., Sigma, KQL, SPL, YARA, Snort), based on MITRE ATT&CK and emerging threat techniques.
• Analyze security logs and telemetry to identify malicious activity and suspicious patterns.
• Collaborate with the SOC, incident response, and threat intel teams to build a proactive defense model.
• Stay up to date on cyber threat landscape and contribute to improving detection strategies.
• Work with automation tools (SOAR) to respond to threats and improve detection-response cycles.

Key Skills Required:

• Strong knowledge of threat detection methodologies, malware behavior, and attack techniques
• Hands-on experience with SIEM tools (e.g., Splunk, Sentinel, QRadar, Elastic)
• Proficiency in writing detection logic using KQL, SPL, Sigma, or custom rule languages
• Familiarity with MITRE ATT&CK, threat intelligence feeds, and IOC correlation
• Experience with log parsing, network forensics, and endpoint telemetry
• Scripting knowledge (Python, PowerShell, or Bash) for automating detection and analysis tasks
• Understanding of cloud security (AWS, Azure, GCP) and detection engineering in cloud-native environments is a plus