Detection Engineer

1 day ago


Manila, Philippines Trends Group Inc. Full time

Overview

I. PURPOSE

The Detection Engineer supports the development and refinement of MSS/MIS solution implementation under the guidance of the Implementation Lead. He/she participates in client workshops, assists in gathering requirements, and gains hands-on experience in the implementation processes during the implementation phase of the project. He/she works collaboratively with TG implementation/project team members and the necessary MICTS Team to process data, perform statistical analysis, and contribute to the development and optimization of analytical models and algorithms. Additionally, he/she executes adjustments and refinements based on feedback, actively engages in learning opportunities, and collaborates with team members to ensure timely delivery of implementation initiatives.

Responsibilities
  • Accomplishes all tasks assigned by management in a timely and effective manner, as deemed necessary for the betterment of the organization.
  • Follows effective and efficient processes and complies with escalation protocols.
  • Contributes to the knowledge and information relevant to Systems and Platforms.
  • Participates in activities promoting a harmonious working environment such as demonstrating trust and respect and practicing open communication.
  • Complies with company policies, guidelines, standards, and procedures.
  • Professionally represents Trends management, enriching client relationships and providing expertise, composure, and competence.
  • Collaborates with team members in creating documentation, including specifications and optimization guidelines.
  • Receives information from the Technical Groups and the Sales Group's Solutions Architects.
  • Works with the Design and Development Team to explore or conduct POCs if necessary.
  • Implements initiatives for further improvement of service delivery triggered by the Design and Development Team.
  • Maintains and updates entries in the service catalog following established procedures and guidelines; promotes awareness of the service catalog among internal teams and stakeholders.
  • Follows key metrics defined in project milestones and goals.
  • Executes tasks and activities to support the implementation of approved changes and projects (Internal Change Advisory Board and Project Implementation Team).
  • Documents configurations for the implemented detection rules/policy under the guidance of the Lead.
  • Provides 2nd level support to the Optimization & Support Team; responds to tickets and inquiries in a timely manner; performs basic troubleshooting and issue triage.
  • Receives information related to enforcement, monitoring, measurement, and continual improvement on process areas related to internal infrastructure, platforms, and technical security controls needed for Managed ICT Service delivery.

Qualifications
  • Minimum Education
    • Bachelor's degree in Information Systems, Information Technology (IT), Computer Science, Engineering, or another technical/IT field
  • Minimum Experience/Training
    • At least 1-2 years of working experience in Information Security or Network Engineering.
    • Familiarity with the following technologies/solutions:
      • Security Technologies (SIEM, EDR, NDR, Threat Intel Platform, VA, etc.)
      • Network Technologies (NMS, FW, WAF, etc.)
    • Familiarity with the MITRE ATT&CK framework and/or the OSI layers
    • Comfortable working on computer networking and information security, and understanding security threats based on different scenarios.
    • Preferred but not required training and certifications:
      • ITIL Foundation
      • Application support management
      • Technology/solution training and certifications mentioned above.
  • Competency
    • For Detection Engineering of Security Services
      • Understands how to map adversary behaviors using threat models like MITRE ATT&CK and translates them into actionable detection rules.
      • Writes and maintains correlation rules using query languages (e.g., SPL for Splunk, KQL for Sentinel) based on attack patterns and log behavior.
      • Parses and normalizes logs using field extractions and ensures proper data enrichment and mapping to the CIM.
      • Onboards and integrates diverse security data sources such as firewall logs, EDR, Active Directory, and DNS.
      • Tests detection rules using threat emulation tools (e.g., Atomic Red Team, Caldera) to validate detection logic against real-world threats.
      • Enriches detection rules with threat intelligence data such as malicious IPs, hashes, or other IOCs.
      • Follows a structured detection use case lifecycle from design and development to tuning, documentation, deployment, and retirement.
      • Tunes alerts to reduce false positives and ensure alerts are meaningful, accurate, and actionable.
      • Demonstrates working knowledge of industry frameworks like MITRE ATT&CK, NIST CSF, and the Cyber Kill Chain for context-driven detection logic.
    • For Detection Engineering of Infra Services
      • Designs and implements monitoring rules that trigger alerts based on performance thresholds (e.g., high CPU, memory usage, or disk capacity).
      • Sets up availability checks using protocols such as ICMP, SNMP, or heartbeat monitors to detect device or service outages.
      • Builds and applies monitoring templates across device categories, ensuring consistent alert logic for network, server, and application layers.
      • Configures alert actions to integrate with ITSM tools for automatic ticket creation and escalation to the appropriate support teams.
      • Analyzes NetFlow or sFlow data to identify unusual traffic patterns, congestion, or potential link saturation across the network.
      • Implements service dependency mappings so alerts reflect true service impact.
      • Creates early-warning detection for capacity issues by configuring alerts for nearing thresholds (e.g., disk usage > 80%).
      • Uses baseline behavior and historical trend analysis to set dynamic thresholds or detect anomalies rather than relying only on static values.
      • Tags critical alerts with SLA impact indicators to help prioritize response according to agreed service levels.

Working conditions
  • Reporting to the company’s main office in Makati City on a hybrid work arrangement.
  • Collaborate physically and/or virtually with internal and external stakeholders.
  • May travel for face-to-face client meetings, company-sponsored conferences, and related marketing events.
  • Attend training and acquire certifications that are applicable to the role.