Detection Engineer

Job Location

Malmö - Sweden

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Are you seeking a role as a Detection Engineer? At Orange Cyberdefense, you will work together with colleagues specialized in IT and cybersecurity to build a safer digital society. As an employee of a leading company in cybersecurity in Europe, you can make a real difference by analyzing and preventing security incidents among some of Sweden's largest companies.

How we work

The role of the Detection Engineer is to develop detection methods for our CyberSOC services, existing and new, with the purpose of defending against current threats.

They are responsible for our detection models and will maintain indicators related to our services with their corresponding applications.

During high-severity global threats, they will react by researching and determining appropriate detection rules.

The role will assist in guiding by providing input to improve the quality of our delivered services.

Key Responsibilities: Strategic

Continuously develop our detection models to improve their capabilities and quality.

Monitor the results of our indicators from a global perspective, providing suggestions for improvement.

Increase the quality of information presented to analysts and counteract alert fatigue.

Collaborate with relevant stakeholders to improve the quality and track the development of our services.


Key Responsibilities: Tactical/Operational

Develop new indicators for Managed Threat Detection services.

Maintain the Splunk application included in our Managed Threat Detection (Log) service.

Maintain and update our detection library.

Gather statistics and investigate to determine potential improvements.

Continuously test the detection capabilities of our services and related products.

Maintain documentation related to detections and supported services.

Who are you?

You have a strong passion for working with Splunk.

You enjoy researching threats and exploring how to detect them, with hands-on experience in writing detections in SPL.

You have a passion for technology and stay current with emerging security trends.

You want to use your blue/red teaming experience to improve our ability to detect threats.

Knowledge and Experience

Preferred

3 years of experience as a Security Analyst.

Solid understanding of common threats and TTPs, with prior experience working with the MITRE framework (whether through threat hunting or gap analysis).

Experience in creating and tuning detections.

Familiarity with attack frameworks.

Proficiency in SPL and experience working with CIM.

Experience with Splunk components like KV stores, data models, and other elements used in data normalization.

Understanding the anatomy of a Splunk app, with bonus points if you've built one or gained familiarity with its components.

Experience with writing regular expressions.

Experience working with Sysmon, including developing and managing rules.

Experience in Python development. You should be able to analyze code and write applications or scripts.


Bonus

Experience in using version control software and CI/CD for managing detection rules.

Experience with red teaming exercises.

Experience in developing and tuning detections in Sentinel, Defender and Cortex.

Working with Infrastructure as Code using Terraform.


Our offer

As an employee at Orange Cyberdefense, you will get the opportunity to work closely with some of the experts in the field, in an innovative and friendly company where we together contribute to the continued development of the company.

With the latest technology, customers in the Nordics region, and a growing company supporting you, you are given the opportunity to create and contribute to a safer society.

Working at Orange Cyberdefense will give you the chance to develop both personally and professionally. New challenges are our favorite challenges. Orange Cyberdefense has an environment with a high rate of change and quick decision-making, combined with sensitivity to our employees. We believe that by providing an atmosphere where we try to have fun at work and love what we do, we will also get the best end results.

How to join us

Join us by sending your application through our application form. The selection is ongoing and the position can be filled before the last application date.

We look forward to receiving your application!

Employment Type

Full Time
