Minimum Qualifications
- 6+ years in security engineering, detection engineering, or cloud security with exposure to SaaS and API-based environments.
- Strong expertise in anomaly detection, behavioural analytics, and applied data science concepts for cybersecurity.
- Hands-on experience with SIEM, SOAR, and detection-as-code frameworks (e.g., Splunk, OpenSearch, KQL, Sigma).
- Proficiency in threat hunting methodologies, adversary emulation, and detection in large-scale SaaS/cloud environments.
- Familiarity with threat intelligence platforms (TIPs), enrichment pipelines, and ATT&CK-based intelligence mapping.
- Good programming, automation, and data analytics skills.
- Experience integrating detection pipelines into SaaS applications and microservices.
Preferred Qualifications
- Experience developing analytics pipelines, including AI/ML models for anomaly detection and risk scoring.
- Exposure to SOC operations, detection content development, and adversary simulation.
- Deep knowledge of threat intelligence tradecraft (e.g., ATT&CK, Sigma mappings, enrichment, correlation with detection rules).
- Experience with automated detection tuning and false positive reduction.
- Familiarity with cloud-native telemetry pipelines.
- Security certifications: GIAC GCDA/GCFA, GCTI, GCP Security Engineer, AWS Security Specialty, OSCP.
SaaS Detection Research & Engineering
- Develop and refine detection frameworks for SaaS-specific threats (business logic abuse, API misuse, identity-based attacks).
- Engineer detection-as-code pipelines leveraging Sigma, OpenSearch, and automation frameworks.
- Incorporate AI/ML-driven anomaly detection techniques where applicable.
- Continuously reskill and upskill in emerging detection technologies.
Proactive Security Controls & Mitigations
- Implement preventive and adaptive controls to identify SaaS threats before exploitation.
- Use automation and analytics (including AI-enhanced methods) to accelerate response and reduce MTTD/MTTR.
- Collaborate with detection and response teams to improve coverage and resilience.
Threat Hunting & Intelligence Integration
- Conduct advanced threat hunting across SaaS telemetry, using both traditional and AI-assisted approaches.
- Leverage threat intelligence feeds and enrichment pipelines to drive prioritization.
- Map detection coverage to MITRE ATT&CK and adversary playbooks.
- Automate ingestion, normalization, and correlation of structured/unstructured TI data.
Risk-Based Detection & Security Metrics
- Build risk-based prioritization models, incorporating AI/ML where beneficial.
- Provide executive reporting on detection performance, coverage, and efficiency.
- Quantify detection efficacy by aligning outcomes with business risk and threat impact.
Continuous Reskilling & Innovation
- Lead reskilling initiatives within Detection Engineering, enabling the team to adopt new frameworks, AI/ML methods, and automation.
- Collaborate with data science teams to explore AI-supported detection content generation and validation.
- Foster a culture of continuous learning and applied innovation in DE, TH, and TI.
