Cyber Security Engineer (Detection Content Engineer)

15,360 - 19,200 PLN / month, employment contract (gross)
Mid · Full-time · Employment contract
#344942 · Added 5 days ago
Source: nofluffjobs.com

Tech Stack / Keywords

MS Sentinel

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
  • 4+ years of experience in cybersecurity, with a focus on detection engineering or incident response.
  • Hands-on experience with Microsoft Sentinel or similar SIEM platforms.
  • Proficiency in developing Kusto Query Language (KQL) queries for data analysis and alert creation in Sentinel.
  • Strong understanding of security concepts, threat detection methodologies, and incident response processes.
  • Relevant certifications (e.g., CISSP, GCIH) are a plus.
  • Strong analytical and problem-solving skills with attention to detail.
  • Excellent communication skills, both written and verbal.
  • Ability to work independently and collaboratively in a fast-paced environment.
  • A proactive mindset with a passion for continuous learning and improvement in cybersecurity practices.

Responsibilities

Detection Content Development:

  • Design, develop, and implement detection rules, alerts, and analytics within Microsoft Sentinel to identify anomalous behavior and potential security incidents.
  • Collaborate with threat intelligence teams to incorporate the latest threat indicators and tactics into detection content.
  • Conduct regular reviews and tuning of detection rules to minimize false positives and ensure high accuracy in alerting.
  • Analyze historical incident data to identify gaps in detection and recommend improvements.
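As an added illustration of the kind of detection content described above (an example written for this page, not code from the posting or from Bayer), the following is a Microsoft Sentinel scheduled-rule query in KQL. It flags an account that accumulates repeated failed sign-ins from one source IP and then signs in successfully from that same IP, and it shows one common tuning control for false positives: an allow-list of source ranges. The table and columns are the standard Entra ID `SigninLogs` schema as ingested by Sentinel; the lookback window, the failure threshold and the allow-listed range are assumed values to be adjusted per tenant.

```kql
// Added example, not from the original posting: Sentinel scheduled analytics rule body.
// Scenario: password spraying / brute force that ends in a successful sign-in.
// Assumptions: SigninLogs (Entra ID) is connected; ResultType "0" means success;
// thresholds and allow-listed ranges below are placeholders, not tenant facts.
let lookback = 1h;                     // assumed: rule runs every hour over the last hour
let failThreshold = 10;                // assumed: minimum failures before we care
// Tuning control: exclude known scanner / authorised pentest sources (placeholder range)
let allowedSources = dynamic(["203.0.113.0/24"]);
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"           // any non-success result code
    | where not(ipv4_is_in_any_range(IPAddress, allowedSources))
    | summarize FailedCount = count(),
                FirstFail  = min(TimeGenerated),
                LastFail   = max(TimeGenerated),
                FailCodes  = make_set(ResultType, 20)
        by UserPrincipalName, IPAddress
    | where FailedCount >= failThreshold;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"               // successful sign-ins only
| join kind=inner failures on UserPrincipalName, IPAddress
| where TimeGenerated > LastFail        // success must come after the failure burst
| project SuccessTime = TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName,
          FailedCount, FailCodes, FirstFail, LastFail
```

When this is saved as a scheduled rule, `UserPrincipalName` and `IPAddress` would be mapped to the Account and IP entities so incidents group correctly, and the allow-list would normally live in a watchlist rather than inline so the SOC can tune it without editing rule logic.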

Policy Hygiene Support:

  • Identify and review existing security policies related to detection and incident response.
  • Collaborate with providers and system owners to adjust policies as necessary to enhance security hygiene and ensure alignment with best practices.
  • Ensure that all detection content complies with organizational policies and regulatory requirements.

Incident Response Support:

  • Work closely with the Security Operations Center (SOC) team to understand incident response workflows and ensure detection content aligns with operational needs.
  • Provide expertise and support during security incidents to refine and improve detection capabilities.

Documentation and Reporting:

  • Create and maintain comprehensive documentation for all detection rules, including purpose, logic, and operational procedures.
  • Generate reports on detection efficacy and provide insights on trends and emerging threats.

Collaboration and Training:

  • Collaborate with cross-functional teams to ensure alignment on security objectives and strategies.
  • Provide training and guidance to SOC analysts on detection content and best practices.

Benefits

  • Sport subscription
  • Private healthcare
Bayer Sp. z o.o.

57 active job offers
