Role
• Lead detection ideation based on observed telemetry patterns, threat intelligence and gap analysis
• Analyse endpoint, identity, network and cloud telemetry to uncover detection opportunities and investigative leads
• Model attack behaviours using frameworks such as MITRE ATT&CK and propose corresponding detection logic
• Support the full detection engineering lifecycle from opportunity identification and modelling through to deployment and tuning
• Collaborate with detection engineers to translate investigative insights into operational detections
Skills
• Strong analytical and investigative mindset with demonstrable curiosity and attention to detail
• Familiarity with common attacker techniques and MITRE ATT&CK mapping
• Hands-on experience analysing logs from Defender for Identity, DNS, Windows event logs and endpoint telemetry
• Comfortable navigating enterprise-scale environments and understanding host, user and application behaviours
• Knowledge of threat hunting methodologies and ability to articulate detection gaps clearly