The detection engineer is responsible for designing, implementing, and continuously validating detection capabilities for the CSIRT, working closely with incident responders, threat hunters, and threat intelligence analysts to drive continuous improvement and reduce mean time to detect (MTTD).
Requirements
- Develop, test, and maintain detection rules, signatures, and correlation logic in SIEM and related platforms.
- Conduct regression testing of detection rules to ensure accuracy, resilience, and functionality following system updates or logic changes.
- Perform breach and attack simulations (BAS) to validate detection use cases, tied directly to threat intelligence and adversary TTPs.
- Map detection logic to adversary techniques using frameworks such as MITRE ATT&CK and ensure coverage of priority threat scenarios.
- Integrate threat intelligence feeds, IOCs, and behavioral patterns into detection workflows.
- Regularly tune and refine detection logic to reduce false positives and optimize alert fidelity.
- Partner with incident response and threat hunting teams to validate detections, perform purple team exercises, and address detection gaps.
- Automate enrichment, correlation, and triage processes through SOAR playbooks and custom scripts.
- Implement lessons learned from incidents and simulations into new or improved detections.
- Maintain documentation, detection repositories, and test playbooks for operational continuity.
- Contribute to SOC metrics, including detection coverage, false positive ratios, regression test outcomes, and BAS validation reports.