JSOC - Senior Detection Engineer

Questrade Financial Group • São Paulo, State of São Paulo, Brazil • 1w ago

What’s in it for you as an employee of QFG?

Health & wellbeing resources and programs
Paid vacation, personal, and sick days for work-life balance
Competitive compensation and benefits packages
Career growth and development opportunities
Opportunities to contribute to community causes
Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next Senior Detection Engineer. Could It Be You?

Your contribution delivering sustainable and measurable results in the following areas will be very important:

Owning the quality and effectiveness of the detection portfolio - creating, tuning, validating, and retiring alerts that drive organizational security outcomes. You will be primarily involved in authoring and testing detection rules, maintaining alert coverage and fidelity, reducing false positives, and collaborating with SOC analysts, SIEM Engineers and CTI Specialists to operationalize detections. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.

Need more details? Keep reading…

You will:

Author, test, and deploy detection rules aligned to MITRE ATT&CK coverage gaps.
Maintain the detection portfolio: track coverage, false positive rates, alert fidelity, and relevance.
Validate alerts through purple-team exercises and real-world scenario testing.
Tune detection logic to reduce false positive rates and improve signal-to-noise ratio.
Document detection rationale, expected behavior, and runbook references for each alert.
Build and maintain alert severity frameworks and prioritization logic.
Retire stale or redundant detections with documented justification and communication.
Produce monthly detection metrics: coverage by ATT&CK tactic, false positive trends, new vs. retired rules.
Perform threat modeling to identify gaps in current detection coverage.
Collaborate with SIEM Engineer on platform optimization and detection rule infrastructure.
Work with CTI Specialists to translate threat intelligence into detection requirements.
Conduct log analysis and data exploration to validate detection logic and identify edge cases.
Author SIGMA rules to ensure detection portability and cross-platform compatibility.
Participate in alert tuning and optimization based on SOC analyst feedback and operational experience.
Maintain runbooks and escalation procedures aligned with detection behaviors and expected outcomes.
Stay current with emerging detection methodologies, tools, and MITRE ATT&CK updates.
Mentor and develop team members on detection engineering best practices and frameworks.
Communicate detection engineering decisions, alert changes, and coverage analysis to technical and non-technical stakeholders.
Track and report on detection engineering program metrics (rules deployed, coverage improvement, FP reduction).

So are YOU our next Senior Detection Engineer? You are if you have…

5+ years of relevant experience in detection engineering, security operations, or threat analysis in an enterprise environment.
Experience authoring and deploying detection rules using Elastic Detection Rules (KQL, EQL, ES|QL).
Practical experience with MITRE ATT&CK framework for detection mapping and coverage analysis.
Experience tuning detection logic and reducing false positive rates in production environments.
Experience with SIGMA rule authoring and cross-platform detection development.
Experience conducting purple team exercises and validating detection effectiveness.
Strong log analysis and data exploration skills for identifying detection gaps and anomalies.
Knowledge of threat modeling methodologies and detection requirement development.
Knowledge of alert fatigue reduction strategies and signal-to-noise optimization.
Knowledge of SIEM platform architecture, data pipelines, and detection rule deployment workflows.
Experience developing and maintaining large-scale detection portfolios.
Experience with threat intelligence integration into detection workflows.

Brownie points if you have...

GCDA, Elastic Certified Analyst, SANS SEC511, HTB CDSA or similar relevant certifications.
Contributions to open-source detection rule repositories (Elastic, Sigma).

Sounds like you? Click below to apply!

#LI-Hybrid #LI-MM1