Senior Threat Detection Engineer

Role Overview

We are seeking a highly skilled and proactive Senior Threat Detection Engineer to join our cybersecurity team. This role is responsible for designing, developing, and continuously improving threat detection capabilities across the organization’s security monitoring platforms. The ideal candidate will have strong hands-on experience in SIEM engineering, detection logic development, and security monitoring tools such as EDR and NDR, with a particular preference for expertise in QRadar.

You will play a critical role in strengthening the organization’s ability to detect, analyze, and respond to advanced cyber threats by building high-quality detection use cases, optimizing alerting mechanisms, and supporting threat hunting initiatives.

Key Responsibilities

1. SIEM Use Case Design & Implementation

• Design, develop, and deploy advanced detection use cases within the SIEM platform to identify potential security threats and anomalies.
• Translate threat intelligence, attack techniques, and business risks into actionable detection logic.
• Ensure use cases align with frameworks such as MITRE ATT&CK and industry best practices.
• Continuously review and enhance existing SIEM content to maintain effectiveness against evolving threats.

2. Correlation Searches & Alert Engineering

• Develop and maintain correlation rules, searches, and alerting logic to identify multi-stage attacks and complex threat scenarios.
• Create meaningful alert conditions that provide actionable insights to SOC analysts.
• Establish thresholds, baselines, and behavioral analytics to improve detection accuracy.
• Ensure alerts are properly enriched with contextual data to facilitate faster investigation and response.

3. Detection Engineering Across Security Tools (EDR, NDR, etc.)

• Build and tune detection use cases across endpoint and network monitoring tools such as EDR and NDR platforms.
• Integrate telemetry from multiple sources to enhance visibility and detection coverage.
• Collaborate with engineering teams to onboard new data sources into the SIEM and other monitoring tools.
• Optimize detection strategies across different layers (endpoint, network, application).

4. Alert Tuning & False Positive Reduction

• Continuously analyze and tune alerts to minimize false positives and reduce alert fatigue within the SOC.
• Conduct root cause analysis of noisy alerts and implement improvements to detection logic.
• Balance sensitivity and accuracy to ensure high-fidelity alerts without missing critical threats.
• Maintain documentation of tuning activities and improvements for audit and knowledge sharing.

5. Threat Hunting Support

• Collaborate with threat hunting teams to develop hypotheses and detection strategies based on emerging threats.
• Convert threat hunting findings into scalable detection use cases.
• Analyze logs and telemetry data to identify indicators of compromise (IOCs) and suspicious behavior.
• Support proactive threat detection initiatives to uncover hidden threats within the environment.

6. Platform Expertise & Optimization (QRadar Preferred)

• Leverage deep expertise in QRadar (or similar SIEM platforms) to build, optimize, and maintain detection content.
• Configure log sources, parsing rules, and event normalization within the SIEM.
• Monitor SIEM performance and ensure optimal system health and efficiency.
• Stay up to date with new features, updates, and best practices related to QRadar and other tools.

• Minimum of 3+ years of experience in cybersecurity, with a strong focus on threat detection engineering or SIEM administration.

• Proven experience designing and implementing SIEM detection use cases.
• Hands-on experience with SIEM platforms (QRadar strongly preferred).
• Experience working with EDR and/or NDR tools and building detection logic within these platforms.
• Strong understanding of security event logs, network traffic, and endpoint telemetry.
• Knowledge of cyber threat landscapes, attack techniques, and adversary behavior.
• Familiarity with frameworks such as MITRE ATT&CK, Cyber Kill Chain, or similar.
• Experience in alert tuning and reducing false positives in a SOC environment.
• Strong analytical and problem-solving skills.