Senior Detection Engineer

  • Colombo, Sri Lanka
  • Full-Time
  • On-Site
Apply now Refer
Job Description:
  • Design, develop, and maintain security detections across SIEM, XDR, cloud, endpoint, and identity platforms.
  • Build high-fidelity detection rules mapped to frameworks such as MITRE ATT&CK and other threat models.
  • Develop and manage detection-as-code processes, including testing, version control, and automated deployments.
  • Analyze security telemetry from multiple sources and create correlation rules to identify sophisticated attack patterns.
  • Continuously tune and optimize detection logic to improve alert quality and reduce false positives.
  • Research emerging threats, attacker techniques, and malware trends, and translate them into effective detection content.
  • Conduct detection gap assessments and recommend improvements to increase security coverage.
  • Collaborate with SOC, Incident Response, Threat Hunting, and Threat Intelligence teams to enhance detection capabilities.
  • Support post-incident reviews and implement detection improvements based on lessons learned.
  • Validate data quality, log sources, and telemetry availability required for effective threat detection.
  • Develop dashboards, reports, and metrics to measure detection effectiveness, coverage, and performance.
  • Contribute to automation initiatives that improve detection engineering and response workflows.
  • Mentor junior team members and promote detection engineering best practices.

Requirements

  • Bachelor's Degree in Cyber Security, Information Technology, Computer Science, or a related field.
  • 7+ years of experience in Detection Engineering, Threat Hunting, Incident
  • Response, SOC Engineering, or related cyber security roles.
  • Hands-on experience with SIEM and XDR platforms such as Splunk, Microsoft Sentinel, Elastic, Stellar Cyber, or similar.
  • Strong understanding of cyber threats, attack techniques, adversary behavior, and malware analysis.
  • Experience developing detection rules using technologies such as KQL, Sigma, SPL, or equivalent query languages.
  • Strong scripting skills in Python, PowerShell, or similar languages.
  • Experience working with large log datasets and performing investigations using SQL or similar query languages.
  • Knowledge of cloud security concepts across AWS, Azure, or GCP environments
  • Experience with Git, CI/CD pipelines, and Detection-as-Code methodologies.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Excellent communication and stakeholder management abilities.

Preferred Qualifications

  • Experience with SOAR platforms and automated response workflows.
  • Experience with cloud-native threat detection and monitoring.
  • Hands-on threat hunting experience.
  • Familiarity with detection coverage mapping and security metrics.
  • Industry certifications such as GCIH, GCFA, GCIA, CISSP, or Offensive Security certifications.
  • Contributions to open-source detection content such as Sigma, YARA, or community detection repositories.