This page was automatically translated and may contain errors. View in English.
KAUST (King Abdullah University of Science and Technology)

Detection Engineer

KAUST (King Abdullah University of Science and Technology)

Makkah, Makkah Province, Saudi Arabia · 全职

抢先申请

经验
3-5岁
薪水
职位空缺
1
发布
3小时前
工作模式
在办公室
学历
Bachelor's degree in Computer Science, Information Security or related field
恢复
需要申请

你的工作地点

职位描述

About the Role

The Detection Engineer plays a critical role in enhancing and maintaining the organization's ability to detect security threats. This position involves crafting sophisticated detection logic grounded in threat intelligence and adversary behavior, proactively hunting threats to reveal detection coverage gaps, and automating detection content across various security technologies. The objective is to enable security operations to efficiently identify malicious activities while minimizing false alarms through precise detection engineering.

Key Responsibilities

  • Design, implement, and maintain detection rules and alerts spanning SIEM, EDR, NDR, and cloud security platforms.
  • Develop high-quality detection mechanisms informed by threat intelligence, MITRE ATT&CK framework techniques, and new emerging threats.
  • Author detection logic utilizing languages such as KQL, SPL, Sigma, and YARA.
  • Create custom parsers and correlation rules to process security event data effectively.
  • Build detection rules that cover both known IOCs and behavioral or anomaly-based threats.
  • Refine detection rules to decrease false positives while preserving broad threat coverage.
  • Conduct proactive threat-hunting missions to uncover detection deficiencies.
  • Analyze adversary tactics, techniques, and procedures (TTPs) to guide detection development.
  • Research emerging threats and convert insights into actionable detection content.
  • Formulate hypotheses and leverage data analytics to validate threat scenarios.
  • Document all threat-hunting findings and lessons learned.
  • Test detection rules regularly with simulated attacks and red-team exercises.
  • Validate detections’ effectiveness against the MITRE ATT&CK framework.
  • Utilize tools like Atomic Red Team, CALDERA, or custom scripts to generate test telemetry.
  • Measure detection coverage and key performance indicators related to detection engineering.
  • Partner with offensive security teams in purple-team exercises.
  • Identify and integrate new log sources to bolster detection visibility.
  • Ensure high-quality, complete, and normalized logging across all data sources.
  • Collaborate with IT and engineering teams to optimize logging and telemetry configurations.
  • Map data sources to MITRE ATT&CK techniques to pinpoint and close detection gaps.
  • Enhance data ingestion pipelines to support detection scenarios.
  • Develop automation workflows for deployment and management of detection content (Detection-as-Code).
  • Create tools and scripts to streamline detection engineering tasks.
  • Develop automated response playbooks to address common detection events.
  • Implement CI/CD pipelines to manage detection content lifecycle.
  • Integrate threat intelligence feeds within detection platforms.
  • Manage detection-related incidents, requests, and changes through ITSM processes.
  • Track detection engineering work items using ticketing systems such as ServiceNow or Jira.
  • Keep detailed documentation of detection deployments, updates, and rollbacks following change management procedures.
  • Support problem management by identifying and resolving recurring detection issues.
  • Maintain accurate configuration management database (CMDB) records related to detection and monitoring infrastructure.
  • Generate reports assessing detection coverage, effectiveness, and operational performance.
  • Ensure compliance with service-level agreements (SLAs) concerning detection development and tuning.
  • Collaborate closely with SOC analysts to improve detections based on operational feedback.
  • Work alongside incident response teams to create detections derived from post-incident analyses.
  • Partner with threat intelligence teams to operationalize intelligence for detection purposes.
  • Produce and maintain documentation and runbooks for detection engineering processes.
  • Mentor junior detection engineers and SOC analysts to build team capabilities.

Technical Skills and Competencies

  • Advanced expertise in query languages such as SPL (Splunk), KQL (Sentinel/Kusto), SQL, with the ability to author detection logic in Sigma, YARA, Snort, Suricata, or comparable formats.
  • Hands-on experience with SIEM tools including Splunk, Elastic Security, Microsoft Sentinel, Chronicle, and QRadar.
  • Proficiency with EDR/XDR platforms like CrowdStrike, SentinelOne, Microsoft Defender, and Carbon Black.
  • Familiarity with NDR tools (Zeek, Suricata, Corelight) and cloud security solutions.
  • Knowledge of SOAR platforms and detection orchestration technologies.
  • Deep understanding and application of MITRE ATT&CK framework in detection engineering.
  • Operational experience with threat intelligence and ability to analyze adversary behaviors and attack methods.
  • Programming skills in Python for automation and analytical tool development; experience with PowerShell and Bash for validation tasks.
  • Understanding of APIs, RESTful services, data structures, and version control with Git, including CI/CD workflows.
  • Expertise in log analysis, parsing, normalization, enrichment, and correlation techniques across endpoint, network, cloud, and identity data types.
  • Experience with ITSM tools such as ServiceNow and Jira Service Management, including familiarity with ITIL processes for incident, change, problem, and knowledge management.
  • Excellent documentation capabilities for technical procedures, runbooks, and metrics reporting.
  • Strong knowledge of operating systems internals (Windows, Linux, macOS) and forensic artifacts.
  • Understanding of networking concepts, protocols, authentication mechanisms (Kerberos, NTLM, SAML, OAuth), and security telemetry across AWS, Azure, and GCP.

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or related discipline, or equivalent practical experience.
  • Preferred certification includes GIAC Certified Detection Analyst (GCDA) or similar credentials.

Professional Experience

  • Between 3 to 5 years in roles related to security operations, threat detection, or within SOC environments.
  • Demonstrable success in creating detection rules across disparate platforms.
  • Contributions to recognized open-source detection projects such as Sigma or YARA.
  • Experience in behavioral analytics and machine-learning powered detection methodologies.
  • Exposure to offensive security practices, including red teaming or penetration testing.
  • Experience deploying Detection-as-Code pipelines and working with attack simulation or threat emulation tools.

如果您希望收到回复,请留下您的信息——我们不会将您的信息用于其他用途。

点击浏览拖放,或 粘贴 截图

PNG、JPG、GIF、MP4、WebM、MOV 格式 · 每个文件最大 20MB · 最多 5 个文件

🤖
在线·即时人工智能帮助