Detection Engineer

Getronics

Torino

On-site

EUR 50.000 - 70.000

Full-time

2 days ago

Job description

A leading cybersecurity firm located in Torino, Italy, is seeking a Senior Detection Engineer to enhance threat detection capabilities within their international team. The ideal candidate will have a minimum of 2 years' experience in cybersecurity detection analysis, a solid background with SIEM technologies, and the ability to develop detection rules based on the MITRE ATT&CK framework. Strong analytical skills and fluency in English are essential for success in this role.

Skills

  • Minimum of 2 years' experience as a Cybersecurity Detection Analyst with SIEM.
  • Hands-on experience implementing detection playbooks based on MITRE ATT&CK.
  • Fluent English is mandatory for team collaboration.

Responsibilities

  • Develop threat detection rules for modern attacker tactics.
  • Maintain and optimize the detection rulebase.
  • Analyze alert trends and propose improvements.
  • Design dashboards for threat detection use cases.

Knowledge

Cybersecurity detection analysis
SIEM technologies
Analytical skills
Problem-solving
Communication skills

Tools

QRadar
Splunk
Python
Elastic Security

Job description

Detection Engineer

About the Role

We are looking for a Senior Detection Engineer to join our international cybersecurity team. The person who joins will help build upon the current ATT&CK-based detection manual used by the Getronics Security Operations Center (SOC), and take it to the next level of maturity and capability. Additionally, they will support the day-to-day threat detection work of a team of analysts servicing a wide range of clients across various industries, including Getronics' private / hybrid cloud and internal IT services.

Key Responsibilities

  • Develop threat detection rules to identify modern attacker tactics and techniques, working closely with threat intelligence, incident response, security analysts, and infrastructure / security architecture teams.
  • Maintain and optimize the existing detection rulebase, applying lifecycle management and deprecating rules where needed.
  • Assess ATT&CK coverage to identify detection gaps and improvement opportunities.
  • Define and maintain effective detection metrics.
  • Support compliance-related use cases as required.
  • Create and maintain lists to support correlation rules.
  • Design dashboards for specific threat detection use cases and train analysts on their use.
  • Provide input into threat hunting activities through the development of efficient search queries.
  • Collaborate with business and IT teams to create detection strategies aligned with current and emerging business needs.
  • Analyze alert trends and propose improvements.
  • Support data collection improvements and maintain configuration management documentation.

Requirements

  • Minimum of 2 years' experience as a Cybersecurity Detection Analyst working with SIEM technologies (QRadar, LogRhythm, Splunk, Elastic Security, InsightIDR, AlienVault OSSIM, etc.).
  • Previous experience in other technical cybersecurity roles such as SOC Analyst, Threat Intelligence Analyst, or Pentester.
  • Hands‑on experience implementing detection playbooks based on the MITRE ATT&CK framework.
  • Strong analytical and problem‑solving skills.
  • Solid understanding of the current threat landscape, including common attack vectors and best practices for protecting systems and networks.
  • Advanced knowledge or experience with at least two of the following technologies: Python, RegEx, Sigma, YARA.
  • Experience fine‑tuning correlation rules for optimal performance.
  • Strong communication skills with the ability to document clearly and summarize effectively.
  • Fluent English is mandatory due to international team collaboration.
  • Structured, goal‑oriented working style.