Job Description:
The latest job information from King Abdullah University of Science and Technology for the position of Detection Engineer. If the Detection Engineer vacancy in Saudi Arabia matches your qualifications, please submit your latest application or CV directly through the updated Jobkos job portal.
Please note that applying for a job may not always be easy, as new candidates must meet certain qualifications and requirements set by the company. We hope that the career opportunity at King Abdullah University of Science and Technology for the position of Detection Engineer below matches your qualifications.
Job Purpose
The Detection Engineer is responsible for designing, building, and continuously improving our organization's threat detection capabilities. This role translates threat intelligence and adversary tactics into high-fidelity detection logic, conducts proactive threat hunting to identify coverage gaps, and engineers automated detection content across our security stack. The Detection Engineer ensures our security operations can effectively identify malicious activity while minimizing alert fatigue through precision detection engineering.
Detection Development & Engineering
- Design, develop, and deploy detection rules and alerts across multiple security platforms (SIEM, EDR, NDR, cloud security tools).
- Create high-fidelity detections based on threat intelligence, MITRE ATT&CK techniques, and emerging threats.
- Write detection logic using query languages (KQL, SPL, Sigma, YARA, etc.).
- Develop custom parsers and correlation rules for security event data.
- Build detections for both known threats (IOCs) and behavioral/anomaly-based patterns.
- Continuously tune and optimize detection rules to reduce false positives while maintaining coverage.
Threat Hunting & Research
- Conduct proactive threat hunting campaigns to identify gaps in detection coverage.
- Analyze adversary tactics, techniques, and procedures (TTPs) to develop new detections.
- Research emerging threats and translate findings into actionable detection content.
- Develop hypotheses and use data analytics to validate or refute threat scenarios.
- Document threat hunting activities, findings, and lessons learned.
Detection Testing & Validation
- Perform regular testing of detection rules using attack simulation and red team exercises.
- Validate detection efficacy against the MITRE ATT&CK framework.
- Use tools like Atomic Red Team, Caldera, or custom scripts to generate test telemetry.
- Measure and report on detection coverage and detection engineering KPIs.
- Conduct purple team exercises in collaboration with offensive security teams.
Data Source Engineering
- Identify and onboard new log sources to improve detection visibility.
- Ensure log quality, completeness, and proper normalization across all data sources.
- Work with IT and engineering teams to configure optimal logging and telemetry.
- Map data sources to MITRE ATT&CK techniques to identify coverage gaps.
- Optimize data ingestion pipelines for detection use cases.
Automation & Tooling
- Develop automation workflows for detection deployment and management (Detection-as-Code).
- Build tools and scripts to streamline detection engineering processes.
- Create automated response playbooks for common detection scenarios.
- Implement continuous integration and continuous deployment (CI/CD) for detection content.
- Integrate threat intelligence feeds into detection platforms.
ITSM & Operational Management
- Manage detection-related incidents, requests, and changes through ITSM workflows.
- Create and track detection engineering work items in ticketing systems (ServiceNow, Jira, etc.).
- Document detection deployments, modifications, and rollbacks following change management processes.
- Participate in problem management to identify and resolve recurring detection issues.
- Maintain accurate CMDB entries for detection rules and security monitoring infrastructure.
- Generate regular reports on detection coverage, effectiveness, and operational metrics.
- Ensure proper SLA compliance for detection development and tuning requests.
Collaboration & Knowledge Sharing
- Partner with SOC analysts to refine detections based on operational feedback.
- Collaborate with incident response teams to develop detections from post-incident findings.
- Work with threat intelligence teams to operationalize intelligence into detections.
- Create and maintain detection engineering documentation and runbooks.
- Mentor junior detection engineers and SOC analysts on detection development.
Personal Requirements
Competencies
- Analytical thinking and problem-solving abilities.
- Strong attention to detail and ability to identify security weaknesses.
- Excellent communication skills for technical and non-technical audiences.
- Ability to work under pressure during security incidents.
- Proactive mindset and continuous learning attitude.
- Team collaboration and cross-functional coordination.
- Time management and ability to prioritize multiple tasks.
Technical Expertise
Detection & Query Languages
- Expert proficiency in at least two query languages: SPL (Splunk), KQL (Kusto/Sentinel), SQL, or similar.
- Experience writing detection rules in Sigma, YARA, Snort/Suricata, or similar formats.
- Ability to translate detection logic across different platforms and formats.
Security Platforms & Tools
- Hands-on experience with SIEM platforms (Splunk, Elastic Security, Microsoft Sentinel, Chronicle, QRadar).
- Experience with EDR/XDR solutions (CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black).
- Familiarity with NDR tools (Zeek, Suricata, Corelight) and cloud security platforms.
- Knowledge of SOAR platforms and detection orchestration tools.
Threat Intelligence & Frameworks
- Deep understanding of the MITRE ATT&CK framework and its application to detection engineering.
- Experience operationalizing threat intelligence into actionable detections.
- Knowledge of adversary behavior, TTPs, and attack patterns.
- Familiarity with threat intelligence platforms and feeds.
Programming & Scripting
- Proficiency in Python for automation, data analysis, and tool development.
- Experience with scripting languages (PowerShell, Bash) for detection testing.
- Understanding of data structures, APIs, and RESTful services.
- Familiarity with version control systems (Git) and CI/CD concepts.
Log Analysis & Data Science
- Strong log analysis and parsing skills across multiple data sources (Windows Event Logs, Syslog, cloud logs, network logs).
- Understanding of data normalization, enrichment, and correlation techniques.
- Experience with statistical analysis and anomaly detection methods.
- Knowledge of common log formats (JSON, CEF, LEEF, Syslog).
ITSM & Documentation
- Experience with ITSM platforms (ServiceNow, Jira Service Management, or similar).
- Understanding of ITIL processes (Incident, Change, Problem, Knowledge Management).
- Strong documentation skills and ability to create clear technical runbooks.
- Experience tracking and reporting on security operations metrics and KPIs.
Operating Systems & Networks
- Deep understanding of Windows, Linux, and macOS internals and artifacts.
- Strong knowledge of network protocols, traffic analysis, and packet capture.
- Understanding of authentication protocols (Kerberos, NTLM, SAML, OAuth).
- Familiarity with cloud environments (AWS, Azure, GCP) and their logging mechanisms.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
- GIAC Certified Detection Analyst (GCDA).
- Background in threat hunting or security analytics.
Experience
- 3-5 years of experience in security operations, threat detection, or SOC environments.
- Proven experience developing detection rules and content across multiple platforms.
- Contributions to open source detection projects (Sigma rules, YARA rules, etc.).
- Experience with machine learning or behavioral analytics for detection.
- Background in offensive security, penetration testing, or red teaming.
- Experience building Detection-as-Code pipelines and infrastructure.
- Experience with threat emulation and breach & attack simulation (BAS) tools.
Job Information:
- Company: King Abdullah University of Science and Technology
- Position: Detection Engineer
- Work location: Saudi Arabia
- Country: SA
How to Apply:
After reading and understanding the criteria and minimum qualification requirements set out in the Detection Engineer job information for the Saudi Arabia office above, promptly complete the job application documents, such as a cover letter, CV, a copy of your university degree, academic transcript, and other attachments as described above. Submit them via the link on the following page below.