Detection Engineer

I. PURPOSE

The Detection Engineer supports the implementation and enhancement of MSS/MIS solutions under the guidance of the Implementation Lead. The role involves participating in client workshops, assisting with requirements gathering, and gaining hands-on experience throughout project implementation. The Detection Engineer works closely with TG implementation/project teams and the MICTS Team to process data, conduct statistical analysis, and contribute to the development and optimization of analytical models and algorithms. The position also includes making adjustments based on feedback, engaging in continuous learning, and collaborating with the team to ensure timely delivery of implementation activities.

II. DUTIES AND RESPONSIBILITIES

• Complete assigned tasks efficiently and on time as required for organizational improvement.
• Follow established processes and adhere to escalation protocols.
• Contribute to system and platform-related knowledge resources.
• Participate in initiatives that encourage a collaborative and respectful working environment.
• Comply with company policies, standards, and procedures.
• Represent Trends professionally, strengthening client relationships with expertise and composure.
• Collaborate with the team in creating documentation such as specifications and optimization guidelines.
• Receive technical information from Technical Groups and Solutions Architects.
• Work with the Design and Development Team on exploratory work or proof of concepts when needed.
• Implement service delivery improvements initiated by the Design and Development Team.

Service Catalog Management

• Maintain and update service catalog entries in line with established guidelines.
• Help promote service catalog awareness within internal teams and stakeholders.

Service Level Management

• Follow key metrics defined in project milestones and goals.

Internal CAB and Project Implementation Participation

• Support the execution of approved change and project implementation tasks.

Configuration Management

• Document configurations for deployed detection rules and policies under the Lead's guidance.

2nd Level Support

• Respond promptly to support tickets and inquiries.
• Perform basic troubleshooting and triage activities.

Process Management

• Receive and apply information related to monitoring, enforcement, measurement, and continuous improvement of processes supporting Managed ICT Service delivery.

III. QUALIFICATIONS

A. Education

• Bachelor's degree in information systems, IT, Computer Science, Engineering, or a related technical field.

B. Experience & Training

• 1–2 years of experience in Information Security or Network Engineering.
• Familiarity with security technologies (SIEM, EDR, NDR, Threat Intel Platform, VA, etc.) or network technologies (NMS, FW, WAF, etc.).
• Knowledge of the MITRE ATT&CK framework and/or OSI model.
• Comfortable working in networking and information security environments and understanding threat scenarios.

Preferred but not required:

• ITIL Foundation
• Application support management training
• Certifications related to the technologies listed above

C. Competencies

Detection Engineering – Security Services

• Ability to map adversary behaviors using threat models (e.g., MITRE ATT&CK) and convert them into detection rules.
• Skilled in writing and maintaining correlation rules using query languages (e.g., SPL, KQL).
• Able to parse and normalize logs with field extractions and ensure proper mapping to a common information model.
• Capable of onboarding diverse security data sources (firewalls, EDR, AD, DNS, etc.).
• Familiar with threat emulation tools to validate detection rules.
• Knowledgeable in enriching detection rules with threat intelligence (IOCs such as IPs, hashes, domains).
• Follows the complete detection use-case lifecycle from design to retirement.
• Tunes alerts to reduce false positives and ensure actionable output.
• Understands frameworks like MITRE ATT&CK, NIST CSF, and Cyber Kill Chain for contextual detection creation.

Detection Engineering – Infrastructure Services

• Designs monitoring rules based on performance thresholds (CPU, memory, disk, etc.).
• Configures availability checks (ICMP, SNMP, heartbeat) for outage detection.
• Builds monitoring templates for consistent alerting across network, server, and application layers.
• Integrates alert actions with ITSM systems for automated ticketing and escalation.
• Analyzes NetFlow/sFlow data to detect unusual patterns or network congestion.
• Implements service dependency mapping to reflect true service impact.
• Creates early-warning alerts for capacity issues.
• Uses historical data and baseline trends to configure dynamic thresholds or anomaly detection.
• Tags critical alerts with SLA indicators to support prioritization.