Detection Engineer

I. PURPOSE

The Detection Engineer supports the development and refinement of MSS/MIS solution implementation under the guidance of the Implementation Lead. He/she participates in client workshops, assists in gathering requirements, and gains hands-on experience in the implementation processes during the implementation phase of the project. He/She works collaboratively with TG implementation/project team members and necessary MICTS Team to process data, perform statistical analysis, and contribute to the development and optimization of analytical models and algorithms. Additionally, he/she executes adjustments and refinements based on feedback, actively engages in learning opportunities, and collaborates with team members to ensure timely delivery of implementation initiatives.

II.      DUTIES AND RESPONSIBILITIES

• Accomplishes all assigned tasks by the management in a timely and effective manner as deemed necessary for the betterment of the organization.
• Follows effective and efficient processes and comply with escalation protocols.
• Contributes to the knowledge and information relevant to Systems and Platforms.
• Participates in activities promoting a harmonious working environment such as demonstrating trust and respect and practicing open communication.
• Complies with company policies, guidelines, standards, and procedures.
• Professionally represents Trends management; enriching client relationships and providing expertise, composure, and competence.
• Collaborates with team members in creating documentation, including specifications and optimization guidelines.
• Receives information from Technical Groups and Sales Group/s Solutions Architects.
• Can work with Design and Development team to either explore or do some POCs if necessary.
• Will implement initiatives for further improvement of service delivery triggered by the Design and Development Team.

Service Catalog Management

• Maintains and updates entries in the service catalog following established procedures and guidelines.
• Promotes awareness of the service catalog among internal teams and stakeholders.

Service Level Management

• Follows key metrics defined in Project team milestones and goals.

Member of the Internal Change Advisory Board and Project Implementation Team

• Executes tasks and activities to support the implementation of approved changes and projects

Configuration Management

• Documents configurations for the implemented detection rules/policy under the guidance of the Lead.

Provides 2nd Level Support to Optimization & Support Team.

• Responds to support tickets and inquiries in a timely manner.
• Performs basic troubleshooting and issue triage.

Process Management

• Receives information related to the enforcement, monitoring, measurement, and continual improvement on the process areas related to internal infrastructure, platforms, and technical security controls needed for Managed ICT Service delivery.

III.    QUALIFICATIONS

A.    Minimum Education

• Bachelor's degree in information systems, Information Technology (IT), Computer Science, Engineering, or other technical / IT field

B.    Minimum Experience/Training

• At least 1-2 years of working experience in Information Security or Network Engineering.
• Familiarity with the following technology/solutions:
• Security Technologies (SIEM, EDR, NDR, Threat Intel Platform, VA, and etc..)

Or

• Network Technologies (NMS, FW, WAF, and etc..)

• Familiarity with Mitre Attack framework and/or OSI Layers

• Comfortable working on computer networking, information security, and understanding security threats based on different scenarios.
• Preferably but not required training and certification:
• ITIL Foundation
• Application support management
• Technology/Solution training and certifications mentioned above.

C.    Competency

• For Detection Engineering of Security Services
• Understands how to map adversary behaviors using threat models like MITRE ATT&CK and translates them into actionable detection rules.
• Writes and maintains correlation rules using query languages (e.g., SPL for Splunk, KQL for Sentinel) based on attack patterns and log behavior.
• Parses and normalizes logs using field extractions and ensures proper data enrichment and mapping to the common information model (CIM).
• Onboards and integrates diverse security data sources such as firewall logs, endpoint detection and response (EDR), Active Directory, and DNS.
• Tests detection rules using threat emulation tools (e.g., Atomic Red Team, Caldera) to validate that the detection logic works against real-world threats.
• Enriches detection rules with threat intelligence data such as malicious IPs, hashes, or domain indicators of compromise (IOCs).
• Follows a structured detection use case lifecycle from design and development to tuning, documentation, deployment, and retirement.
• Tunes alerts to reduce false positives and ensure the alerts that are triggered are meaningful, accurate, and actionable.

• Demonstrates working knowledge of industry frameworks like MITRE ATT&CK, NIST CSF, and Cyber Kill Chain for context-driven detection logic.

• For Detection Engineering of Infra Services

• Designs and implements monitoring rules that trigger alerts based on performance thresholds like high CPU, memory usage, or disk capacity
• Sets up availability checks using protocols such as ICMP (ping), SNMP polling/traps, or heartbeat monitors to detect device or service outages.
• Builds and applies monitoring templates across various device categories, ensuring consistent alert logic for network, server, and application layers.
• Configures alert actions to integrate with ITSM tools for automatic ticket creation and escalation to the appropriate support teams.
• Analyzes NetFlow or sFlow data to identify unusual traffic patterns, congestion, or potential link saturation across the network.
• Implements service dependency mappings so alerts reflect true service impact (e.g., web app down due to underlying database issues)
• Creates early-warning detection for capacity issues by configuring alerts for nearing thresholds (e.g., disk usage > 80%)
• Uses baseline behavior and historical trend analysis to set dynamic thresholds or detect anomalies instead of relying only on static values.
• Tags critical alerts with SLA impact indicators to help prioritize response according to agreed service levels.

IV.    WORKING CONDITIONS

• Reporting to the company's main office in Makati City on a hybrid work arrangement.
• Collaborate physically and/or virtually with internal and external stakeholders.
• May travel for face-to-face client meetings, company-sponsored conferences, and related marketing events.
• Attend training and acquire certifications that are applicable to the role.