Job Description

Minimum Qualifications

  • 6+ years in security engineering, detection engineering, or cloud security with exposure to SaaS and API-based environments.
  • Strong expertise in anomaly detection, behavioural analytics, and applied data science concepts for cybersecurity.
  • Hands-on experience with SIEM, SOAR, and detection-as-code frameworks (., Splunk, OpenSearch, KQL, Sigma).
  • Proficiency in threat hunting methodologies, adversary emulation, and detection in large-scale SaaS/cloud environments.
  • Familiarity with threat intelligence platforms (TIPs), enrichment pipelines, and ATT&CK-based intelligence mapping.
  • Good programming, automation, and data analytics skills.
  • Experience integrating detection pipelines into SaaS applications and microservices.

    • Preferred Qualifications

  • Experience developing analytics pipelines, including AI/ML models for anomaly detection and risk scoring.
  • Exposure to SOC operations, detection content development, and adversary simulation.
  • Deep knowledge of threat intelligence tradecraft (., ATT&CK, Sigma mappings, enrichment, correlation with detection rules).
  • Experience with automated detection tuning and false positive reduction.
  • Familiarity with cloud-native telemetry pipelines.
  • Security certifications: GIAC GCDA/GCFA, GCTI, GCP Security Engineer, AWS Security Specialty, OSCP.

    • 1. SaaS Detection Research & Engineering

  • Develop and refine detection frameworks for SaaS-specific threats (business logic abuse, API misuse, identity-based attacks).
  • Engineer detection-as-code pipelines leveraging Sigma, OpenSearch, and automation frameworks.
  • Incorporate AI/ML-driven anomaly detection techniques where applicable.
  • Continuously reskill and upskill in emerging detection technologies.

    • 2. Proactive Security Controls & Mitigations

  • Implement preventive and adaptive controls to identify SaaS threats before exploitation.
  • Use automation and analytics (including AI-enhanced methods) to accelerate response and reduce MTTD/MTTR.
  • Collaborate with detection and response teams to improve coverage and resilience.

    • 3. Threat Hunting & Intelligence Integration

  • Conduct advanced threat hunting across SaaS telemetry, using both traditional and AI-assisted approaches.
  • Leverage threat intelligence feeds and enrichment pipelines to drive prioritization.
  • Map detection coverage to MITRE ATT&CK and adversary playbooks.
  • Automate ingestion, normalization, and correlation of structured/unstructured TI data.

    • 4. Risk-Based Detection & Security Metrics

  • Build risk-based prioritization models, incorporating AI/ML where beneficial.
  • Provide executive reporting on detection performance, coverage, and efficiency.
  • Quantify detection efficacy by aligning outcomes with business risk and threat impact.

    • 5. Continuous Reskilling & Innovation

  • Lead reskilling initiatives within Detection Engineering, enabling the team to adopt new frameworks, AI/ML methods, and automation.
  • Collaborate with data science teams to explore AI-supported detection content generation and validation.
  • Foster a culture of continuous learning and applied innovation in DE, TH, and TI.

    • Career Level - IC4

    Apply for this Position

    Ready to join ? Click the button below to submit your application.

    Submit Application