Associate Detection Engineer

JR Spain

Madrid

On-site

EUR 30.000 - 45.000

Full-time

4 days ago

Vacancy description

A cybersecurity company is seeking a Detection Engineer to enhance security monitoring capabilities. The role involves developing detection logic, improving existing methods, and analyzing data sets. Candidates should possess a security background with strong analytical skills and familiarity with SIEM tools. This role promotes a collaborative work culture and offers numerous benefits.

Benefits

Comprehensive benefits
Wellness programs
Flexible work arrangements

Training

  • Background in network security and understanding of attack tactics.
  • Experience with attack simulation or certifications like CEH or OSCP.
  • Forensics or Incident Response experience is a plus.

Responsibilities

  • Develop and enhance detection capabilities for security products.
  • Analyze logs and data sets to enhance detection logic.
  • Collaborate with client teams to ensure security measures.

Skills

Communication skills
Analytical skills
Understanding of IT systems
Security mindset
Familiarity with SIEM tools
Proficiency in scripting languages

Education

General security background or education

Tools

SIEM tools (Splunk, Microsoft Sentinel)
Git

Job description

Our Global Detection Engineering Team provides detection capabilities for various security products used in our 24/7 managed monitoring service with customers worldwide. This role involves joining our detection engineering team, focusing on developing and maintaining detection capabilities. You will utilize our latest Threat Intelligence and your creativity to craft detection logic for our clients. Prior detection engineering experience is not mandatory; we welcome candidates from diverse backgrounds, and responsibilities can be tailored to your skills. Partial matches are encouraged to apply.

The Opportunity

  • Develop and enhance detection logic for our content repository.
  • Improve existing detection methods.
  • Create and maintain detection test cases.
  • Review findings from TI, CERT, and Red Team activities to improve detection strategies.

Key Accountabilities

  • Research data sets and potential IOCs for distribution.
  • Use tools and techniques to gather data.
  • Analyze log sources and data sets.
  • Write detection rules and alert logic.
  • Develop testing procedures for detection logic.
  • Monitor test outputs and troubleshoot bugs.
  • Maintain system and data health.
  • Add global filters based on operational feedback.
  • Deploy new analytics regularly.
  • Ensure detection lookups are consistent with new tools and versions.
  • Keep work updated and properly tracked.
  • Possess a general security background or education.
  • Understand testing methodologies.

OR

  • Have proven experience in analytically-minded IT or Network Administration, seeking a career shift to Security.

AND

  • Excellent communication skills, both oral and written.
  • Ability to collaborate with client engagement teams and colleagues.
  • Good understanding of IT systems and platforms from a security perspective.
  • Background in network security.
  • A security mindset with knowledge of attack tactics and techniques.
  • Forensics or Incident Response experience is a plus.
  • Knowledge of current security threats or eagerness to learn.
  • Experience with attack simulation; certifications like CEH or OSCP are a bonus.
  • Experience with Endpoint or Network monitoring.
  • Familiarity with SIEM tools like Splunk or Microsoft Sentinel.
  • Proficiency in scripting languages such as PowerShell, Python, Bash.
  • Experience with version control systems like Git or Azure DevOps.

And knowledge of one or more of the following:

  • Cloud technologies like Azure.
  • Windows Active Directory.

Ways of working

Focus on clients and customers.

Work collaboratively as One NCC.

Be inclusive and respectful.

Deliver excellent results.

About NCC Group

Our mission is to create a more secure digital future. We partner with clients across various industries, securing new products and technologies, and solving complex security challenges. As leaders in cyber security, NCC Group values its people and is committed to an inclusive, supportive environment that promotes growth, learning, and well-being. We offer comprehensive benefits, wellness programs, and flexible work arrangements.

What we offer in return

A high-performance culture balanced with world-class well-being initiatives and benefits.
