Responsibilities
- Write and validate Sigma/YARA rules for Windows, Linux, and AWS
- Build exclusion logic to ensure noise-free detections
- Develop and maintain detection-as-code pipelines
- Convert threat intel into actionable detection content
- Collaborate with research and platform teams to improve signal quality
Requirements
- 3+ years in a SOC or detection engineering role
- Proficiency in Python or Golang
- Experience with SIEM platforms (DNIF, ELK, Splunk, Sentinel)
- Strong understanding of MITRE ATT&CK, LOLBins, evasion techniques