Cyber Threat Detection Engineer

United States · Job Posted January 04, 2026

Job Description

Rearc is looking for a Cybersecurity Threat Detection Engineer with proactive communication skills, a foundation in DevSecOps, Detection-As-Code, deep purple team technical expertise, and an entrepreneurial approach to join our growing Cybersecurity practice. This role involves partnering with Rearc customers to design cutting-edge detection strategies and support the development of top-tier, modern cybersecurity monitoring programs. You will craft tailored security detections to strengthen our clients' cybersecurity efforts by leveraging Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), Endpoint Detection and Response (EDR), and Network Detection and Response (NDR) services.

Job Responsibility

  • Utilize NDR, EDR, real-time streaming, and SIEM technologies to develop robust threat detection capabilities
  • Build and optimize detection rules leveraging real-time data streaming to enhance detection accuracy
  • Design enrichment pipelines and automation workflows to enhance the precision of threat detections
  • Develop correlation logic and automated processes to create high-fidelity threat alerts
  • Build compliance and recoverability of customer Data Analytics solutions, including SOPs, data onboarding, normalization, enrichment, and system maintenance
  • Create automation playbooks for incident triage and response
  • Align detection content with customer-specific Use Case Frameworks and provide metrics on cybersecurity threats impacting their environment
  • Collaborate with customer cybersecurity teams to cover gaps and enhance enterprise posture
  • Support enterprise Cybersecurity, Information Technology (IT), and Operational Technology (OT) teams by providing dashboards and other data exploration tools
  • Stay continually aware of emerging cybersecurity threats and trends, adapting detection strategies as needed
  • Work closely with customer teams, including Cybersecurity Operations Center (CSOC), Operational Technology (OT), and Incident Response (IR) teams, to ensure detections are actionable and relevant
  • Provide feedback to improve the customer's security framework and overall security monitoring strategy

Requirements

  • 6+ years of experience in Cybersecurity with a focus on:
  • Log streaming
  • Cybersecurity data lakes and data warehousing
  • SOAR engineering
  • SIEM engineering, administration, architecture, and operations
  • Data science, statistical analysis, and threat detection development
  • Integrating disparate IT, OT, and business applications into SIEM systems
  • Bachelor's degree in Management Information Systems, Computer Science, or a related field
  • A strong passion for Cybersecurity and a commitment to staying current with industry trends, best practices, and tools
  • Proven experience in documenting, socializing, and operationalizing Cybersecurity technologies and processes
  • Prior programming experience in Python, SQL, and Apache Spark
  • Solid understanding of common attack techniques and their practical applications
  • Demonstrated ability to work effectively across multiple teams, building cross-functional relationships with individuals of varying technical expertise
  • A self-starter with a proven ability to thrive in fast-paced environments
  • Strong technical communication skills, both written and verbal

Nice to have

Prior experience with platforms like Databricks, Cribl, Tines, or other cybersecurity lakehouse providers

Similar Jobs for Cyber Threat Detection Engineer

8 matching positions

Information Security Engineer – Cyber Threat Detection & Response

Ryanair Labs are currently recruiting for an Information Security Engineer – Cybe...
Location: Poland, Wroclaw
Salary: Not provided
Company: Ryanair - Europe's Favourite Airline
Expiration Date: Until further notice
Requirements
  • 6+ years in SOC, IR, or threat detection roles
  • Hands-on experience with SIEM (e.g., Microsoft Sentinel, Splunk), EDR (e.g., Defender, CrowdStrike)
  • Experience with Azure/AWS cloud security logs and detection use cases
  • Practical knowledge of MITRE ATT&CK
  • Ability to produce meaningful metrics and dashboards (e.g., Sentinel Workbooks, Power BI, Kibana)
  • Strong scripting skills (Python, PowerShell)
  • Clear communication skills across technical and non-technical stakeholders
Job Responsibility
  • Develop and tune threat detection rules across SIEM, EDR, and cloud environments
  • Lead containment, eradication, and recovery efforts for cyber incidents
  • Create and maintain dashboards to track KPIs such as MTTD, MTTR, detection coverage, and investigation volume
  • Perform threat hunting based on current threat intelligence and adversary TTPs
  • Automate alert enrichment, triage, and response workflows using SOAR or scripting (Python/PowerShell)
  • Collaborate with IT, cloud, and compliance teams to enhance detection quality and response readiness
  • Contribute to documentation, playbooks, and continuous process improvement
What we offer
  • Contract of employment (permanent after trial period)
  • Hybrid home office (2 days per week from the office, 3 days remote)
  • Discounted and unlimited travel to over 250 destinations
  • Multisport card
  • Private health care
  • Group insurance scheme
  • Possibility to take part in conferences, training and courses
  • Office located in the city center with a view of the Old Market Square
  • Annual events (e.g. St. Patrick’s Day)
  • Regular social meetings
  • Fulltime

Senior Cyber Detection Engineer (SIEM)

Zachary Piper Solutions is seeking a Senior Cyber Detection Engineer (SIEM) to s...
Location: United States, Springfield
Salary: 135000.00 - 150000.00 USD / Year
Company: Piper Companies
Expiration Date: Until further notice
Requirements
  • Active TS/SCI CI Polygraph required
  • Bachelor’s degree from an accredited college in a related discipline and 5+ years of prior relevant experience
  • IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification required
  • Proficient in modern operating systems, including Windows, UNIX, network OS environments, databases, and virtualized computing platforms
  • Experienced with enterprise-grade security tools, such as Security Information and Event Management (SIEM) systems (specifically Splunk), Threat Intelligence Platforms (TIPs), and network monitoring solutions
  • Skilled in developing, modifying, and fine-tuning detection mechanisms, including IDS signatures and SIEM correlation rules
  • Knowledgeable in implementing cybersecurity countermeasures and mitigation strategies to reduce risk and enhance system resilience
Job Responsibility
  • Support Cyber Operations Squadron (COS) efforts by ensuring timely publication of updated cybersecurity tool signatures, including antivirus and host-based security systems
  • Conduct in-depth threat analysis, including reverse engineering of malware, to uncover critical details such as origin, target, impacted systems, recommended mitigations, and mission risk
  • Develop custom content for Security Information and Event Management (SIEM) tools and create tailored IDS/IPS signatures to counter specific threats
  • Correlate security events and incidents using data from diverse enterprise sources to identify patterns and potential threats
  • Assess the impact of cyber incidents on data and infrastructure, providing detailed evaluations of damage and recovery needs
  • Perform trend analysis and reporting on cyber incidents to identify recurring threats and inform proactive defense strategies
  • Analyze network traffic and system data to detect anomalies and potential security threats
  • Deliver real-time detection, identification, and reporting of cyber intrusions, suspicious activities, and policy violations
  • Create and implement detection rules
What we offer
  • Full Benefits: PTO
  • 11 Paid Holidays
  • Cigna Medical, Dental, and Vision
  • 401k with ADP
  • Certification reimbursement
  • Contract mobility and job stability – Contract through 2026
  • Fulltime

Senior Cyber Threat Intelligence Engineer

As a Senior Cyber Threat Intelligence Engineer, you will function as a deeply te...
Location: United States, Chevy Chase; Palo Alto; Seattle
Salary: 105000.00 - 215000.00 USD / Year
Company: Geico
Expiration Date: Until further notice
Requirements
  • 7+ years of experience in cyber threat intelligence, threat hunting, security operations, or a related cybersecurity discipline
  • Demonstrated hands-on experience conducting threat hunting in enterprise environments
  • Strong coding or scripting experience with the ability to design and maintain custom tools
  • Proven experience applying adversary frameworks such as MITRE ATT&CK to real-world detection and analysis
  • Experience producing written intelligence products that inform technical teams and leadership
  • Deep understanding of attacker techniques, intrusion workflows, malware, and phishing operations
  • Experience working with SIEM, EDR, and threat intelligence platforms
  • Ability to work independently, manage competing priorities, and deliver results under time constraints
Job Responsibility
  • Analyze and assess advanced cyber threats, adversary behavior, tooling, and campaigns relevant to GEICO
  • Develop and execute intelligence-informed threat-hunting hypotheses using endpoint, network, and cloud telemetry
  • Build, maintain, and enhance custom tools, scripts, and automation to support intelligence analysis and hunting workflows
  • Use programming and scripting languages (e.g., Python, PowerShell, Bash, or similar) to analyze data, enrich intelligence, and automate manual processes
  • Translate threat intelligence into actionable detection logic, investigative guidance, and response context
  • Produce clear, well-structured written intelligence products, including assessments, briefings, and reports for both technical and non-technical audiences
  • Support active investigations by providing timely adversary context during incidents
  • Track emerging threats, vulnerabilities, and adversary trends, prioritizing relevance and impact
  • Continuously improve analytic tradecraft, tooling, and processes to increase effectiveness and efficiency
What we offer
  • Comprehensive Total Rewards program
  • 401K savings plan with 6% match
  • Performance and recognition-based incentives
  • Tuition assistance
  • Mental healthcare
  • Fertility and adoption assistance
  • Workplace flexibility
  • GEICO Flex program (work from anywhere in the US for up to four weeks per year)
  • Fulltime

Gaming Principal, Cloud Threat Detection & Incident Response Engineer

We are seeking a Gaming Principal, Cloud Threat Detection & Incident Response En...
Location: United States, Multiple Locations
Salary: 139900.00 - 274800.00 USD / Year
Company: Microsoft Corporation
Expiration Date: Until further notice
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
Job Responsibility
  • Architect and drive Gaming’s cloud-first detection and response vision by integrating Azure, AWS, and GCP (Google Cloud Platform) native security services and telemetry sources into TDIR (Threat Detection, Investigation, and Response) workflows
  • Lead adoption and optimization of Microsoft Defender for Cloud, Sentinel, Entra ID security, Defender for Cloud Apps, and other cloud-native security controls
  • Establish standards and reference architectures for cloud telemetry ingestion, normalization, enrichment, and threat analytics across diverse studio environments
  • Build and maintain high-fidelity, cloud-native detections targeting threat actors across identity, SaaS, PaaS, IaaS, and Kubernetes environments
  • Develop behavioral detections leveraging KQL (Kusto Query Language), automation, analytics, and ML-assisted methodologies
  • Partner with threat intelligence to map adversary TTPs (Tactics, Techniques, and Procedures) to cloud control surfaces and turn insights into durable detection engineering roadmaps
  • Serve as principal technical authority during major cloud-related incidents, providing expert guidance on identity compromise, lateral movement, key/material theft, resource manipulation, and multi-cloud attack paths
  • Formalize standards for cloud investigations, including telemetry requirements, visibility gaps, and automated triage workflows
  • Drive post-incident cloud hardening by influencing product teams, studio engineering, and platform owners
  • Architect and implement automation for detection deployment, evidence collection, containment, and remediation using Azure Functions, Logic Apps, and modern SOAR patterns
  • Fulltime

Cyber Systems Engineer Senior Technical Specialist – Project Engineer

The Cyber Systems Engineer Project Management Technical Support provides support...
Location: United States, Westfields, Virginia
Salary: Not provided
Company: Arcfield
Expiration Date: Until further notice
Requirements
  • BS 12-15, MS 10-13, PhD 10+
  • Must possess and be able to maintain a TS/SCI with Poly
  • Able to support customer’s core hours (0900-1500, Mon – Fri)
  • DoD 8570 certification in IAT or IAM
  • Experience with security operations, data analysis, threat detection, and the deployment and optimization of Splunk for enterprise security solutions
  • Understanding of Security Information and Event Management (SIEM) and log management
  • Experience supporting project management and acquisitions
  • Experience with customer’s Cybersecurity Processes and tools/capabilities to include Splunk
  • Experience in requirements analysis
Job Responsibility
  • Work collaboratively with the government customer and a small team of project managers and developers to ensure successful implementation of Splunk
  • Collaborate with the cyber operations group and act as the liaison between the group and developers to ensure Splunk requirements are understood and being met
  • Provide assessments to the customer on the cybersecurity contractor’s program performance
  • Develop, maintain, and deliver acquisition artifacts to assist the customer in assessing contractor’s performance
  • Assist in the development of execution reviews, acquisition roadmaps and transition plans
  • Develop briefings and artifacts for acquisition Readiness Reviews
  • Provide technical recaps of customer meetings with cyber security contractors
  • Work closely with the customer Lead and stakeholders to execute contracts
  • Provide technical input for the development of acquisition documentation for review and approval by the customer, to include Requests for Contract Action (RCA) packages, RFPs for Engineering Change Proposals (ECPs), and proposal analysis to support negotiation and award activities
  • Assist in the development, review, and update of acquisition documents to ensure guidance for acquisitions is adequate and current
  • Fulltime

Cyber Threat Intelligence Analyst

The Cyber Threat Intelligence Analyst (CTI) plays a vital role in enhancing Amge...
Location: Portugal, Lisbon
Salary: Not provided
Company: Amgen
Expiration Date: Until further notice
Requirements
  • Master’s degree in Cybersecurity, Information Technology, Intelligence Studies, or related field OR Bachelor’s degree with 1 year of experience in Cyber Threat Intelligence, Threat Hunting, or a similar security role OR Diploma with 2 years of relevant experience in threat intelligence or related cybersecurity functions
  • Strong understanding of the cyber threat landscape, adversary tactics (MITRE ATT&CK), and threat actor methodologies
  • Experience conducting intelligence analysis using OSINT, dark web monitoring, threat reports, and threat intelligence platforms
  • Ability to write concise, impactful threat intelligence reports tailored to various audiences
  • Familiarity with cyber kill chain, diamond model, and intelligence lifecycle
  • Basic scripting knowledge (Python, PowerShell) to support enrichment and automation of threat intelligence
Job Responsibility
  • Collect, analyze, and assess cyber threat intelligence from open-source intelligence (OSINT), commercial feeds, government sources, and internal telemetry
  • Develop and maintain profiles of threat actors, their capabilities, infrastructure, and campaigns relevant to Amgen’s industry
  • Produce actionable intelligence reports, threat advisories, and strategic briefings for technical teams and senior stakeholders
  • Correlate threat intelligence with internal events to support investigations and improve detection capabilities
  • Assist in the enrichment of threat hunting and incident response efforts by providing contextual intelligence and TTP mapping
  • Track geopolitical and sector-specific threats to anticipate risks that could affect business operations
  • Collaborate with SOC and engineering teams to improve detection rules and defense mechanisms based on threat intelligence findings
  • Maintain situational awareness of the cyber threat landscape and emerging risks to healthcare, life sciences, and biotechnology sectors
  • Support the configuration and maintenance of threat intelligence platforms (TIPs) and threat feed integrations
  • Contribute to purple team and threat emulation exercises to validate defensive controls and response capabilities
What we offer
  • Work That Matters – Build tech that accelerates scientific breakthroughs and helps patients worldwide
  • Modern Tech Stack – Cloud-first, automation-focused, AI-powered
  • Global Scale, Agile Mindset – Collaborate across continents while working in nimble, high-impact teams
  • Continuous Learning – Access to certifications, trainings, mentorship, and career mobility
  • AMGEN Total Rewards Plan – Comprehensive benefits in healthcare, finance, and well-being
  • Flexibility – Hybrid work model with time split between our Lisbon office and remote work
  • Fulltime

SOC Cyber Threat Expert

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location: Türkiye, Ankara
Salary: Not provided
Company: Vodafone
Expiration Date: Until further notice
Requirements
  • Bachelor’s Degree in engineering departments (preferably Electronics or Computer Engineering)
  • 5+ years of experience in performing hands-on security engineering, consulting, team management, penetration testing, and/or adversary simulation, red teaming exercises, vulnerability assessments in complex operational ICT environments
  • Familiarity with industry standards like OWASP TOP10, CVSS, CIS, NIST etc.
  • CISSP, CISM, OSCP, or CEH-level certification is expected
  • Experienced in SIEM products (QRadar, FortiSIEM, Splunk, Logsign, etc.) and SOAR products
  • Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards), operational threat intelligence, and attack framework standards (e.g., MITRE ATT&CK) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
  • Experience working in an industry standard Security Operations Center or similar environment providing incident handling and response, intrusion detection, analysis, cyber threat intelligence, threat determination, and mitigations processing and tracking, working with several network and system security technologies to include Elasticsearch, data analytics platforms, endpoint tools, network technologies, and SIEMs
  • Experience developing detection logic for enterprise SIEM systems and with exploitation techniques and use case development
  • Experience in the detection and response to malicious activity using log data and alerts from cybersecurity solutions, systems, and network devices
  • Experience extracting and analyzing forensic artifacts across Windows, Mac, and Linux operating systems
Job Responsibility
  • Coding experience in scripting and programming languages (such as Java, Bash, Python, PowerShell, etc.), used to aid in responding to incidents involving Windows, Linux, and Mac hosts and to automate common analytical processes, reducing analyst time and avoiding repetitive incident response tasks
  • Making assessments of Information Security processes and taking responsibility for implementing improvements on related systems
  • Deploy, configure, and maintain security technologies, including EDR, XDR, SOAR, and SIEM solutions, to assess each cybersecurity technology’s responses
  • Develop open-source and vendor-based threat detection scenarios
  • Develop tooling for Detection Development Life-Cycle
  • Research on new threat hunting methodologies, tools, and technologies
  • Onboard and maintain detection and hunting products (SIEM, EDR, etc.)
  • Manage and maintain internal SOC technologies and processes
  • Effectively use threat intelligence services and malware sandboxes for hunting new malware threats
  • Excellent written skills with demonstrated ability to write reports
What we offer
  • Vflexy: Flexible Benefits Program
  • Hybrid working kit
  • Ergonomic kit allowance
  • Digital meal voucher
  • Flexible transportation allowance
  • Employee assistance hotline & counselling
  • Comprehensive and flexible private health insurance
  • Discounted price deals for a wide range of products & services
  • Fulltime

Security Engineer, Detection & Response

We are seeking a Senior Security Engineer with a specialty in Detection and Inci...
Location: United States, New York; San Francisco; Seattle; Washington
Salary: 237600.00 - 297000.00 USD / Year
Company: Scale
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation
  • Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code — not just scripts
  • Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments
  • Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically
  • Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs
  • Familiarity with digital forensics tools and malware analysis techniques
  • Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate
  • Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows
  • Strong communication skills, with the ability to translate complex security findings into clear business impact
  • Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus
Job Responsibility
  • Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance
  • Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity
  • Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity
  • Perform digital incident investigations to identify and contain potential security breaches
  • Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies
  • Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows
  • Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organization
  • Utilize threat intelligence platforms to improve hunting, detection, and response workflows
  • Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders
What we offer
  • Comprehensive health, dental and vision coverage
  • Retirement benefits
  • Learning and development stipend
  • Generous PTO
  • Commuter stipend
  • Fulltime