Job description

We are looking for a colleague for our international partner company for the following position:

Detection and Response Engineer

Responsibilities:

  • Owning the end-to-end detection pipeline, including log source onboarding, normalization, parsing and correlation rule development targeting identity abuse, privilege escalation, data exfiltration and device posture anomalies.
  • Integrating threat intelligence and security signals to enrich and prioritize detections, including identity, email, collaboration and external threat intel sources.
  • Managing detection tuning activities by maintaining a false-positive backlog, tracking detection performance and continuously improving signal quality using clear KPIs.
  • Designing and implementing safe, controlled automation workflows to support rapid threat containment with clear approval steps, rollback mechanisms and ticket updates.
  • Monitoring detection visibility and ingestion health to ensure reliability and prevent silent failures, and publishing regular signal health summaries.
  • Conducting proactive threat hunting activities, maintaining hunt playbooks and promoting validated hunts into production-grade detections.
  • Ensuring all acted-on alerts are tracked through Jira with ownership, SLA and evidence, and contributing data to executive-level security reporting.

Requirements:

  • 3–6 years of experience in detection engineering or SIEM operations, including rule authoring, tuning and log parsing or normalization.
  • Hands-on experience with modern SIEM platforms such as Chronicle, Splunk, Elastic or similar, with strong understanding of detection logic and signal quality.
  • Practical experience with SOAR or security automation, including staged rollouts, approvals and rollback practices.
  • Familiarity with identity and access security signals, endpoint detection and response, cloud or SaaS security logs and CSPM findings used as detection context.
  • Strong troubleshooting, documentation and analytical skills with a focus on measurable outcomes.
  • Scripting experience for automation and integration tasks, preferably using Python or a similar language.
  • Ability to work in a lean, cross-functional environment and participate in an on-call rotation as needed.
  • Good English language communication skills.

Advantages:

  • Opportunity to design and evolve high-impact security detections in a technology-driven organization.
  • Exposure to modern security analytics, SOAR automation and cloud-oriented security challenges.
  • Direct influence on detection quality, response speed and executive-level security visibility.
  • Close collaboration with SOC analysts and global security stakeholders.
  • Continuous learning in a fast-evolving threat landscape with room for innovation.

What our partner company offers:

  • Competitive compensation package.
  • International corporate environment with strong engineering culture.
  • Hybrid working model with up to two remote workdays per week.
  • Comprehensive benefits package, including healthcare, wellbeing support and learning opportunities.
  • Long-term career development within a technology-focused investment firm.