We are looking for Detection Engineer with AI exposure.
Client: Cybersecurity Firm
Company Head office: Dubai, UAE
Employment Type: Full-Time
Role Purpose
Own the technical onboarding and telemetry readiness that powers the MDR service. Ensure every client environment delivers clean, complete, and actionable data into the MDR platform from day one.
Detection Engineering (Core Focus)
Design and develop custom detection rules from scratch using endpoint, network, and cloud telemetry
Translate MITRE ATT&CK techniques into actionable detection logic
Build detections based on:
Process execution patterns
Command-line analysis
Parent-child relationships
DLL loads and memory behaviors
Network anomalies
Threat Behavior Modeling
Analyze attacker tactics, techniques, and procedures (TTPs)
Convert threat intelligence into practical detection use cases
Continuously refine detections to reduce false positives
Detection Implementation
Implement detection logic across platforms such as:
Microsoft Defender for Endpoint
Crowd Strike Falcon
Sentinel One
SIEM tools (e.g., Microsoft Sentinel, Splunk)
Work with:
KQL (Kusto Query Language)
Sigma rules
EDR custom detection frameworks
Threat Hunting & Validation
Proactively hunt for threats using hypothesis-driven approaches
Validate detection rules through:
Simulated attack scenarios
Red team / purple team exercises
Continuous Improvement
Tune detection rules for:
Accuracy
Performance
Scalability
Eliminate alert fatigue by improving signal-to-noise ratio
