Job Description
Role
We are seeking a Detection Content Engineer with experience in SOC environments, specializing in SIEM/XDR platforms, detection engineering, and AI-driven threat detection. The ideal candidate has a proven track record in improving detection accuracy, expanding MITRE ATT&CK coverage, and driving AI adoption to enhance SOC effectiveness.
The role requires expertise in SIEM technologies, network infrastructures, cloud environments (AWS, Azure, GCP), advanced detection engineering, machine learning concepts, AI-driven security use cases, dashboarding, detection rule lifecycle management, and high-quality documentation.
Security threats have increased drastically in the last few years and organizations are facing an increasingly complex threat landscape.
As a cybersecurity expert, the candidate will play a key role in strengthening the SOC detection posture, designing and evolving robust detection strategies, and contributing to the development of modern, resilient cyber defense mechanisms.
The person will have the opportunity to work with a highly dynamic and motivated team and with high-level security solutions.
The Cybersecurity expert will report to the SOC Manager.
Responsibilities
Within the Cyber Defense Center, the Cybersecurity Content Engineer will:
• Drive continuous improvement of detection capabilities through regular evaluation of existing rules, dashboards, and use cases to identify gaps and optimization opportunities.
• Drive the adoption of AI and advanced analytics to enhance detection accuracy, reduce false positives, and improve signal quality across the SOC.
• Design, fine-tune, and optimize detection logic by adjusting rules, thresholds, KPIs, correlations, and whitelisting to improve precision and coverage.
• Expand and maintain MITRE ATT&CK coverage, mapping existing detections and designing new use cases aligned with evolving adversary techniques.
• Continuously assess detection effectiveness and content performance, leveraging metrics and feedback from SOC operations to drive iterative improvements.
• Collaborate closely with the Run, Content, Automation, Forensics, CTI and Purple Team functions to translate operational needs and threat intelligence into actionable detection strategies.
• Stay ahead of emerging threats, attack techniques, and defensive technologies, proactively evolving detection content and strategies.
• Mentor and support junior team members, promoting best practices in detection engineering and fostering a strong knowledge-sharing culture.
• Contribute to continuous learning initiatives, workshops, and internal knowledge-sharing sessions to strengthen team expertise and technical maturity.
AI Adoption & Advanced Detection Initiatives:
• Spearhead AI adoption initiatives to enhance detection and response capabilities, driving innovation in how threats are identified and investigated.
• Leverage machine learning and advanced analytics features within the SIEM/XDR ecosystem to improve detection fidelity and reduce noise.
• Work with cross-functional teams to identify high-value AI use cases, ensuring alignment with real operational challenges and threat scenarios.
• Evaluate and experiment with emerging AI-driven security technologies, contributing to proof-of-concepts and strategic recommendations.
• Promote an AI-first mindset within the detection and content teams, helping shift from rule-based approaches to more adaptive, behavior-driven detection models.
Participate in Strategic & Technical Projects:
• Participate in AI adoption initiatives to enhance detection capabilities, fostering strong cross-functional collaboration across teams.
• Contribute to security improvement projects aimed at strengthening the overall detection, response, and automation capabilities of the SOC.
• Work closely with the Purple Team and Threat Intelligence teams to integrate intelligence-driven insights into SIEM content and detection engineering.
• Contribute to CI/CD pipelines and SOAR automation initiatives to improve deployment efficiency and operational scalability.
• Develop and maintain high-quality documentation (playbooks, SOPs, user guides) to support the content lifecycle, build processes, and SOC operations.
• Participate in proof-of-concepts and evaluations of innovative security solutions to assess their value and integration potential.
These activities are non-exhaustive and can evolve according to operational needs.
Requirements:
• Cybersecurity professional with experience in SOC and detection engineering, specializing in SIEM/XDR platforms (Elastic, Microsoft Sentinel, Microsoft Defender XDR) and cloud environments (AWS, Azure, GCP).
• Expertise in detection engineering and SIEM content development, including advanced use cases, correlations, dashboards, and machine learning-based detections.
• Experience leveraging AI and advanced analytics to improve detection accuracy, reduce false positives, and enhance threat visibility across complex environments (Jupyter Notebook, UEBA, msticpy, data lake).
• Knowledge of cybersecurity frameworks and models, including MITRE ATT&CK, the Cyber Kill Chain, and threat intelligence-driven detection design.
• Understanding of adversary techniques, attack vectors, and exploitation methods, supported by hands-on exposure to ethical hacking methodologies and offensive tools.
• Background in security operations and threat detection across endpoint, network, cloud, identity, and email attack surfaces.
• Advanced analytical, problem-solving, and critical-thinking skills, able to translate complex threats into actionable detection strategies.
• Comfortable with Python and PowerShell to support detection logic, automation design, and analysis workflows.
• Experienced in mature SOC environments, working closely with CTI, Forensics, Purple Team, and Automation teams.
• Bachelor’s degree in Computer Science, IT Security, or equivalent experience.
• Experience in transport / shipping / logistics environments is a plus.
• Certifications are a plus:
  CEH – EC-Council
  ECSA – EC-Council
  CompTIA CySA+
  CIH
  OSCP
  Microsoft SC-200
  SANS certifications
You also possess the following qualities:
• Highly motivated and willing to learn
• Autonomy and proactive behavior
• Strong understanding of device security logs
• Analysis and synthesis capacity
• Strong ability to work and interact with management, business customers, and functional and technical teams
• Discretion with regard to sensitive matters