8 Detection Engineering Jobs

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service . The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role: As a SOC Analyst - Detection Engineering in the banks security operations center (SOC), the individual will be responsible to strengthen the creation and optimization of Analytical rules and alerts configured in the banks SIEM platform. Key Responsibilities: Business Understanding: Accountable to ensure all security anomalous activities are detected by the banks SIEM platform and false positives are kept to a minimum. You will be responsible to build analytical correlational rules in the banks SIEM platform covering network, systems and endpoints, cloud (SAAS, IAAS and PAAS) and applications (both COTS and internally developed). Collaborate: Verify the ingested logs and ensure log parsing to normalize the events. Implement a testing methodology to test the alerts configured and obtain sign off before releasing into production. Provide expert guidance and support to the security operations team in the use of for threat hunting and incident investigation. Analyzing the detected Incidents to identify lessons learned to improve response processes and make recommendations for enhancing security posture. Reporting: Develop and maintain documentation for Analytical rules processes and procedures. Stay Up to date with the latest trends and developments in cybersecurity and SIEM technologies and recommend improvements to the organization security posture. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with experience in cloud security with any of the following - Microsoft Azure, Google cloud, Ability to develop and implement security policies, procedures and best practices. Experience: At least 5 years of experience working as a SOC analysts responsible to create SIEM rules/alerts. Hands-on experience in creation of security alerts in any of the commonly used SIEM solutions is a must. Certifications: SIEM Certification from any of the leading SIEM OEMs Splunk, Palo Alto, Securonix, LogRhythm, etc,. CEH or CISSP CCNA Security and/or any of the Cloud security certifications (AWS, GCP, Azure, OCI). Compliance: Knowledge of Networking components, Servers (RHEL, Windows, etc.) and Endpoints, cloud infrastructure along with Machine learning models used for detection of security alerts. Knowledge of various log types, event parsing and ingestion mechanisms across Systems, networks, cloud and commonly used applications in banks. Communication Skills: Excellent communication and interpersonal skills. Synergize with the Team: Working with the designated bank personnel to ensure alignment with RBI guidelines on detection of security alerts applicable to banks. Should have strong understanding of cybersecurity principles, threat detection and incident response. About the Business Group ICICI Bank’s Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provide easy to use protection and risk configuration ability in the hands of customers. With this core responsibly, ICICI administer and promotes on going campaigns to create awareness among customers on security aspects while banking through digital channels.

You are a Cybersecurity Implementation Engineer with at least 2 years of relevant experience, specializing in customer parser development, Yara rules creation, playbook implementation, and data ingestion techniques. In this role, you will be involved in designing and implementing cutting-edge cybersecurity solutions while collaborating with a team of skilled professionals. Your responsibilities will include developing custom parsers to extract and normalize data from various sources, designing and maintaining Yara rules for threat detection, creating playbook automation for incident response, and implementing data ingestion pipelines for analyzing security data. You will work closely with cross-functional teams to understand customer requirements, identify emerging threats, and provide technical support during security incident response activities. To qualify for this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field. You must have hands-on experience in cybersecurity, data analysis, detection engineering, and implementing custom parsers for log and data normalization. Proficiency in creating and managing Yara rules, designing playbook automation, and utilizing tools like Demisto and Phantom is essential. Additionally, you should be familiar with data ingestion technologies, SIEM solutions such as Splunk and ELK, and possess excellent analytical, troubleshooting, and communication skills. If you are a dedicated cybersecurity professional with expertise in customer parser development, Yara rules creation, playbook implementation, and data ingestion techniques, we invite you to join our team. Help us in our mission to safeguard our organization and customers from cyber threats by sharing your updated profile at naveen.vemula@netenrich.com.,

Agoda is an online travel booking platform that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, as well as flights, activities, and more. As part of Booking Holdings and based in Asia, Agoda has a diverse team of 7,100+ employees from 95+ nationalities across 27 markets. The work environment at Agoda is characterized by diversity, creativity, and collaboration, fostering a culture of experimentation and ownership to enhance the travel experience for customers. The Security Department at Agoda oversees security, compliance, GRC, and security operations to ensure the safety and protection of the company and its employees. As a member of the Security Operations (SecOps) Team, you will be at the forefront of designing, implementing, and maintaining cutting-edge security solutions to safeguard Agoda's large-scale global environment. This role offers the opportunity to work with advanced security tools, collaborate across multiple teams, and contribute directly to Agoda's mission of secure, seamless travel for millions of users worldwide. Key responsibilities in this role include implementing and managing secure cloud deployments across AWS, Azure, and GCP using Infrastructure-as-Code (IaC) tools like Terraform, identifying and remediating misconfigurations in cloud resources, providing expert guidance on cloud architecture and deployment strategies, and utilizing advanced tools for monitoring, detecting, and mitigating security threats. Additionally, you will be expected to develop scalable solutions using programming languages like Python and Go, design automated workflows to enhance threat detection capabilities, and establish secure practices for Kubernetes environments and CI/CD pipelines. To succeed in this role, you should have a minimum of 4 years of experience in a hands-on information security role, expertise in IDP/IAM solutions, familiarity with Microsoft security tools, proficiency in programming languages for automation tasks, and experience in managing cloud environments such as AWS, Google Cloud, or Azure. Effective communication skills are essential for conveying complex security concepts clearly to various stakeholders. Agoda offers a relocation package for those interested in moving to Bangkok, Thailand, along with a range of benefits including a hybrid working model, WFH set up allowance, remote working opportunities, employee accommodation discounts, a diverse global team, annual CSR/volunteer time off, and access to various subscription services and support programs. Agoda is an Equal Opportunity Employer and keeps applications on file for future vacancies. Please note that Agoda does not accept third-party resumes and is not responsible for any fees related to unsolicited resumes. For more details, please refer to the privacy policy.,

About the role: As a SOC Analyst - Detection Engineering in the banks security operations center (SOC), the individual will be responsible to strengthen the creation and optimization of Analytical rules and alerts configured in the bank’s SIEM platform. Key Responsibilities: Business Understanding Accountable to ensure all security anomalous activities are detected by the banks SIEM platform and false positives are kept to a minimum. You will be responsible to build analytical correlational rules in the banks SIEM platform covering network, systems and endpoints, cloud (SAAS, IAAS and PAAS) and applications (both COTS and internally developed). Collaborate Verify the ingested logs and ensure log parsing to normalize the events. Implement a testing methodology to test the alerts configured and obtain sign off before releasing into production. Provide expert guidance and support to the security operations team in the use of for threat hunting and incident investigation. Analyzing the detected Incidents to identify lessons learned to improve response processes and make recommendations for enhancing security posture. Reporting Develop and maintain documentation for Analytical rules processes and procedures. Stay Up to date with the latest trends and developments in cybersecurity and SIEM technologies and recommend improvements to the organization security posture. Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with experience in cloud security with any of the following - Microsoft Azure, Google cloud, Ability to develop and implement security policies, procedures and best practices. Experience At least 5 years of experience working as a SOC analysts responsible to create SIEM rules/alerts. Hands-on experience in creation of security alerts in any of the commonly used SIEM solutions is a must. Certifications SIEM Certification from any of the leading SIEM OEMs Splunk, Palo Alto, Securonix, LogRhythm, etc,. CEH or CISSP CCNA Security and/or any of the Cloud security certifications (AWS, GCP, Azure, OCI). Compliance Knowledge of Networking components, Servers (RHEL, Windows, etc.) and Endpoints, cloud infrastructure along with Machine learning models used for detection of security alerts. Knowledge of various log types, event parsing and ingestion mechanisms across Systems, networks, cloud and commonly used applications in banks. Communication Skills Excellent communication and interpersonal skills. Synergize with the Team Working with the designated bank personnel to ensure alignment with RBI guidelines on detection of security alerts applicable to banks. Should have strong understanding of cybersecurity principles, threat detection and incident response.

What You'll Do Avalara, Inc. is the leading provider of cloud-based software that delivers a broad array of compliance solutions related to sales tax and other transactional taxes. What is it like to work at Avalara? Come find out! We are committed to the following success traits that embody our culture and how we work together to accomplish great things: Fun. Passion. Adaptability. Urgency. Simplicity. Curiosity. Humility. Ownership. Optimism. Avalara is looking for Detection Engineer to join the Detection and Response Team. The ideal candidate will have a track record in incident response, demonstrating advanced technical expertise and leadership capabilities. Your role will be of an Incident Response Analyst, you will help protect Avalara. This includes detecting, investigating, and mitigating security incidents. You will also be a key contributor in improving our incident response capabilities. You will report to Security leadership at Avalara. This is a remote position. #LI-Remote What Your Responsibilities Will Be You will perform incident response activities and workstreams as the Incident Response Senior Analyst. You will monitor security systems, including Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR) platforms, software firewalls, and Security Information and Event Management (SIEM) platforms. Gather and analyze evidence from affected systems, logs, and network traffic. You will conduct detailed investigations of security incidents to determine the root cause, scope, and impact. Document all aspects of security incidents, including timelines, actions taken, and lessons learned. Perform forensic analysis of compromised systems to identify the techniques and tactics used by attackers, or as directed by Legal. Collaborate with cross-functional teams including Engineering, IT, Security Operations, Legal, HR, and Compliance to manage and mitigate incidents. Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders. Participate in rotating On Call shifts that utilize a paging system in case a security event requires attention. What You'll Need to be Successful 5+ years experience in Security Incident Response. Experience across the information security domain, including familiarity with endpoint, email, network, cloud security, vulnerability management, incident response, and threat intelligence. Experience with log analysis, network security, digital forensics, and incident response investigations. Ability to script code using Python or an equivalent language. Bachelor's degree in computer science, information security, or relevant experience. Certifications related to digital forensics and incident response

Job description Role Overview: Were looking for a Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threatsspam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. Youll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities. Key Responsibilities: Threat Analysis & Hunting: Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud. Perform root-cause analysis on incidents and produce actionable intelligence. Rule Development & Tuning: Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin. Optimize rule performance to minimize false positives/negatives. Automation & Tooling: Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting. Integrate detection engines into SIEM and SOAR platforms. Collaboration & Reporting: Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic. Communicate findings and recommendations through clear technical reports and dashboards. Continuous Improvement: Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass). Contribute to threat-intel feeds and internal knowledge bases. Basic Qualifications: Experience: 5-8 years total with 35 years in email security research or detection engineering, with a focus on spam, BEC, vishing, and impersonation. Tools & Technologies: Rule engines: Snort, YARA, ClamAV, SpamAssassin Scripting: Python (experience with email libraries imaplib, email, etc.) Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage) Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis. Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators. Communication: Clear written and verbal skills to document findings for technical and non-technical audiences. Preferred Qualifications: Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering). Global SOC Environment: Prior work in a 247 Security Operations Center supporting multi-region email volumes. Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines. Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

Scope: We are looking for a dynamic and strategic Vice President of Cyber Defense to lead our global cyber defense and incident response capabilities. This executive leader will own the detection, response, and mitigation of cyber threats, ensuring our organization is resilient in the face of a rapidly evolving threat landscape. The ideal candidate brings deep expertise in threat detection, SOC operations, incident response, and threat intelligence. This leader will partner across the business to build and maintain a world-class cyber defense program that proactively protects the company's assets, data, and reputation. Key Responsibilities: Cyber Defense Strategy & Operations: Develop and execute the company's cyber defense strategy, aligning with enterprise risk, compliance, and business objectives. Work with key stakeholders and business lines to ensure detection and response meet NIST CSF minimum baselines for global security operations and response. Lead 24/7/365 operations based on business need partner with Global Command and Site Reliability Teams to ensure baseline for all customer facing incidents, and internal company wide incidents are coordinated in a centralized operation center follow the sun model. Lead the global Security Operations Center (SOC), including 24/7 monitoring, detection, analysis, and response to cyber threats. Build out capabilities for detection and response for Tier 1, Tier 2, and Tier 3 security incidents and events. Implement and mature threat hunting, security analytics, and detection engineering programs. Ensure and validate Customer Incident Response and capabilities for onboarding mergers & acquisitions, new customers, and new environments as we grow and scale. Security Assessment and Continuous Threat Exposure Management:Identifying and fixing weaknesses in systems and networks including establish MTTD, MTTR, and MTTA for exposures, vulnerabilities, and potential threats. Incident Response:Investigating and responding to security breaches, including analyzing incidents and escalating them when necessary. Threat Detection and Prevention:Monitoring network traffic, system logs, and other data sources to identify potential threats and malicious activity. Security System Administration and Maintenance:Installing, configuring, and maintaining security tools like firewalls, antivirus software, and intrusion detection systems. Security Policy and Procedure Development:Creating and enforcing security policies and procedures to protect sensitive information. Security Training and Awareness:Educating employees about cybersecurity risks and best practices. Staying Up-to-Date:Keeping abreast of the latest security threats, vulnerabilities, and technologies. Threat Intelligence & Response: Build and manage a comprehensive threat intelligence function to anticipate and defend against advanced persistent threats (APTs) and zero-day vulnerabilities. Lead cyber incident response efforts, including containment, eradication, and post-incident reviews. Serve as a key escalation point during major security events and coordinate cross-functional response. Security Engineering & Automation: Oversee the development and deployment of tools and technologies that support threat detection, log aggregation, SIEM, SOAR, EDR, and XDR platforms. Drive automation and orchestration to increase efficiency and reduce time to detection/response. Hold QBRs with key security operations vendors to ensure compliance and SLAs are met with all contracts. Team Leadership & Development: Build, lead, and inspire a high-performing cyber defense team, including SOC analysts, incident responders, threat hunters, and detection engineers. Foster a culture of accountability, continuous learning, and proactive defense. Establish Career Development Plans and Growth for analysts, engineers, managers, and directors as the business grows and scales. Collaboration & Executive Engagement: Partner with IT, Infrastructure, Risk, Compliance, and Legal teams to align cyber defense practices with business needs. Provide executive-level reporting on threat landscape, risk posture, and incident metrics. Act as a thought leader and spokesperson on cyber defense strategy internally and externally. Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field. 15+ years of experience in cybersecurity, with at least 5 to 8 years in a senior leadership role overseeing SOC, incident response, or threat intelligence. Deep knowledge of security operations, threat detection techniques, MITRE ATT&CK, and NIST/ISO frameworks. Proven track record managing large-scale incident response, threat intelligence operations, and blue team functions. Experience with cloud security (AWS, Azure, GCP) and hybrid infrastructure defense. Strong executive presence and ability to communicate effectively with C-level stakeholders. Relevant certifications such as CISSP, GIAC, GCIA, GCIH, or equivalent are highly desirable. Our Values If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours Find out here: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.