- Company Name
- AntemetA
- Job Title
- Detection Engineering SOC H/F
- Job Description
Job Title: Detection Engineer SOC
Role Summary:
Design, implement, and evolve threat detection and incident response capabilities within a Security Operations Center. Drive strategic log collection, detection rule development, automation, and client‑specific contextualization to strengthen overall security posture.
Expectations:
- Deliver end‑to‑end detection strategy aligned with MITRE ATT&CK and client risk profile.
- Maintain SOC platforms (SIEM, EDR, NDR, SOAR) at optimal performance and compliance.
- Automate playbooks and reduce alert fatigue.
- Act as technical liaison for clients, providing guidance, metrics, and post‑incident insights.
- Continuously research threats, tools, and emerging SOC technologies.
Key Responsibilities:
1. **Detection Engineering & Strategy**
- Define log collection policies, integrate diverse log sources, and normalize events.
- Design and evolve detection use cases, correlation rules, and analytics across SIEM/EDR/NDR/Cloud.
- Map coverage to MITRE ATT&CK/Kill Chain; keep mapping updated.
2. **SOC Tooling & Maintenance**
- Create runbooks, playbooks, and SLOs for investigations and mitigations.
- Sustain SOC platforms: performance tuning, capacity planning, backups, and availability.
- Industrialize SOAR playbooks (triage, containment, notification) and automate repetitive tasks.
- Ensure log integrity, retention, and regulatory compliance (GDPR, ISO 27001).
3. **Operations, Investigation & Response**
- Support analysts on complex investigations, tuning, and remediation planning.
- Conduct deep dives into exploits/TTPs; aid incident declaration decisions.
- Participate in on‑call rotations, incident exercises, and purple‑team drills (as required).
4. **Automation & Software Engineering**
- Develop, version, and test scripts in Python, Bash, or PowerShell.
- Implement CI/CD pipelines for detection rules and playbooks with unit tests and QA checks.
- Reduce false positives through deduplication, threshold adjustment, and risk‑based prioritization.
5. **Client Advisory & Reporting**
- Serve as primary technical point of contact for detection and remediation.
- Provide contextual recommendations on coverage, log quality, segmentation, and hardening.
- Produce dashboards (KPI/KRI) and actionable post‑incident reviews.
6. **Threat Intelligence & Innovation**
- Maintain continuous threat and vulnerability watch.
- Test new SOC features/tools and contribute to proof‑of‑concepts.
Required Skills:
- Extensive SOC and threat detection experience.
- Proficiency with SIEM (e.g., Splunk, QRadar), EDR, NDR, SOAR, and log pipelines.
- Strong scripting in Python, Bash, PowerShell; familiar with Git, CI/CD, unit testing.
- Knowledge of MITRE ATT&CK, Kill Chain, and security frameworks.
- Cloud environments (AWS, Azure, GCP) and SaaS log integration.
- Analytical mindset, clear documentation, and communication for non‑technical stakeholders.
- Ability to prioritize across multiple initiatives.
Required Education & Certifications:
- Bachelor’s degree in Computer Science, Cybersecurity, or related field.
- Relevant certifications preferred: GIAC (e.g., GCIEM, GSEC), OSCP, Microsoft SC‑200 (Security, Compliance & Identity).