“I am hugely excited about my future and the future of CyberOne. I have enjoyed my time here immensely and have learnt a huge amount in a short space of time, year-for-year I've learnt more here than I have at Microsoft and PwC.” - CyberOne Consultant
About CyberOne:
CyberOne is a pure-play Microsoft security partner dedicated to helping enterprises realise the full value of the Microsoft Security portfolio—across Defender XDR, Sentinel, Entra, Purview, Intune, Copilot for Security and more. We combine deep technical expertise with outcome-driven services that accelerate secure cloud adoption, modernise threat protection and simplify compliance.
Job Title: Cyber Detection Engineer
Location: Remote
Employment Type: Full-time
The Role:
CyberOne helps organisations strengthen their cyber resilience through practical, expert-led security services. We work closely with clients to improve their ability to detect, investigate and respond to threats across modern cloud, hybrid and enterprise environments.
We are looking for a curious and motivated Detection Engineer with a focus on Microsoft Sentinel SIEM to join our growing security engineering team. This is a hands-on role for someone who enjoys solving problems, working with data, and building high-quality detections that help our solutions & clients identify real threats faster.
What you’ll be doing:
As a Detection Engineer, you will be focused on improving detection capability, writing and tuning analytics, working with Microsoft security tooling, and helping shape how CyberOne delivers effective, threat-led monitoring for our clients across Microsoft Sentinel and related Microsoft security products.
You will work closely with security analysts, consultants, engineers and clients to turn threat intelligence, attacker behaviours and operational lessons into actionable detection content.
Your responsibilities will include:
Develop, tune and maintain threat-led detections across Microsoft Sentinel, Microsoft Defender XDR and the wider Microsoft Security ecosystem using KQL and Advanced Hunting.
Perform threat intelligence-led detection engineering by researching emerging threats, vulnerabilities, attacker techniques and active campaigns, then translating relevant findings into practical detections, hunting queries and response guidance.
Build analytics rules, hunting queries, workbooks, automation logic and alert enrichment to improve detection and response outcomes.
Work with log sources across Microsoft Defender, Azure, Microsoft 365, Entra ID, identity platforms, firewalls, SaaS tools and other client environments, collaborating with SecOps Engineers to recommend table schema, parsing, normalisation and ingestion optimisation improvements that enhance detection quality and operational efficiency.
Validate and optimise data connectors, log sources, telemetry coverage and Microsoft Content Hub detection capability to ensure detections are reliable, actionable and suitable for CyberOne client environments.
Map detections to attacker behaviours, TTPs and frameworks such as MITRE ATT&CK.
Reduce false positives through structured tuning, baselining, alert performance review and feedback from SOC analysts and incident responders.
Help develop reusable detection content, playbooks and best-practice templates for CyberOne clients.
Collaborate with SOC analysts and incident responders to improve triage quality and investigation workflows.
Produce clear documentation for detections, use cases, data requirements, assumptions and response guidance.
Support client workshops and technical discussions around detection coverage, Sentinel maturity, Defender XDR adoption, unified SecOps and monitoring / detection strategy.
Keep up to date with emerging threats, Microsoft security capabilities, Defender XDR enhancements and detection engineering techniques.
You will work with the freedom to suggest improvements, champion developments, and enhance how CyberOne identifies threats for all our clients.
What we’re looking for:
We are open to candidates from different backgrounds. You may already be working in detection engineering, SOC engineering, security operations, cloud security, incident response or Microsoft security consulting. You might also be an analyst who enjoys KQL, automation and improving how detections work. You should have a solid understanding of cyber security fundamentals as well as a strong interest in, and understanding of, using data to identify suspicious behavioural patterns.
Ideally, you will be able to demonstrate experience with some of the following:
Hands-on experience with Microsoft Sentinel or another SIEM platform.
Experience writing KQL queries for detection, investigation or reporting.
Understanding of Microsoft Defender products, such as Defender for Endpoint, Defender for Office 365, Defender for Cloud or Defender for Identity.
Familiarity with Azure, Entra ID, Microsoft 365 and common cloud security log sources.
Knowledge of security monitoring concepts, alert logic, false positive tuning and detection lifecycle management.
Interest in attacker behaviours, persistence techniques, lateral movement, credential abuse and common cloud attack paths.
Awareness of frameworks such as MITRE ATT&CK, Cyber Kill Chain or similar.
Ability to document technical work clearly and explain detection logic to both technical and non-technical audiences.
Basic scripting or automation skills, for example PowerShell, Python, Logic Apps or similar.
A collaborative mindset and willingness to work with analysts, engineers, consultants and clients.
Nice to have:
The following would be useful, but they are not essential:
Microsoft certifications such as SC-200, AZ-500, SC-100 or SC-900.
Experience with Sentinel as code, CI/CD pipelines, ARM, Bicep, Terraform or Git-based content management.
Experience building Sentinel workbooks, playbooks or automation rules.
Exposure to SOAR processes and incident response automation.
Experience with threat hunting or purple-team-style detection validation.
Familiarity with Sigma, YARA, structured detection content or detection-as-code approaches.
Experience working in an MSSP, consultancy or client-facing security environment.
Knowledge of statistics, data science, AI or machine learning as applied to cyber security.
The kind of person who will succeed:
You will do well in this role if you are naturally curious, comfortable working through messy data, and motivated by improving how security teams detect real threats. You should enjoy asking “what would an attacker do?” and turning that thinking into reliable, practical detection content.
We value people who are proactive, thoughtful and willing to learn. You do not need to know everything on day one, but you should be comfortable researching unfamiliar technologies, testing ideas and improving your work based on feedback.
Why Join Us?
Work with cutting-edge Azure technologies and drive cloud transformation projects.
Be part of a dynamic team that values innovation, collaboration, and technical excellence.
Competitive compensation, career growth opportunities, and access to continuous learning and certifications.
Opportunity to work on impactful cloud initiatives across various industries.
Why CyberOne:
Elite positioning: Microsoft Security Partner, CREST & NCSC-certified
Access to cutting-edge MXDR platform & proprietary SecOps tools
No glass ceilings: rapid growth, fast-track leadership opportunities
Culture-first: bold values, open feedback, and relentless innovation
What’s In It for You:
Flexible working hours & remote-first culture
Birthday off, long-service awards
Bi-annual performance awards and team off-sites
Structured training, technical exposure, and career pathing
💡 Let’s redefine what it means to be secure. Together.
#CyberDefenders
Cyber One
Don't compromise on the safety of your digital assets. Consult our experienced team of cyber security professionals to fortify your defences today!